diff --git "a/solidity_dataset.json" "b/solidity_dataset.json"
new file mode 100644
--- /dev/null
+++ "b/solidity_dataset.json"
@@ -0,0 +1,1227 @@ +[ + { + "contract": "vulnerableBlockHashGame.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/cclabsInc/BlockChainExploitation/blob/master/2020_BlockchainFreeCourse/bad_randomness/vulnerableBlockHashGame.sol\n * @author: -\n * @vulnerable_at_lines: 32\n */\n\n\npragma solidity ^0.5.0;\n\ncontract vulnerableBlockHashGame {\n \n uint balance = 2 ether;\n mapping (address => uint) blockNumber; \n bool public win; \n \n constructor() public payable{\n require(msg.value >= 10 ether);\n }\n \n function get_block_number() internal { \n blockNumber[msg.sender] = uint(block.number);\n }\n \n function playGame() public payable {\n require (msg.value >= 1 ether);\n get_block_number();\n }\n \n \n function checkWinner() public payable { \n // BAD_RANDOMNESS\n\t if (uint(blockhash(blockNumber[msg.sender])) % 2 == 0) {\n\t win = true; \n\t\t msg.sender.transfer(balance);\n\t\t}else{\n\t\t win = false;\n\t\t}\n }\n \n function wasteTime() public{\n uint test = uint(block.number);\n\n }\n\n}" + }, + { + "contract": "theRun.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/crytic/not-so-smart-contracts/blob/master/bad_randomness/theRun_source_code/theRun.sol\n * @author: Ben Perez\n * @vulnerable_at_lines: 110\n */\npragma solidity ^0.4.13;\n\ncontract theRun {\n uint private Balance = 0;\n uint private Payout_id = 0;\n uint private Last_Payout = 0;\n uint private WinningPot = 0;\n uint private Min_multiplier = 1100; //110%\n \n\n //Fees are necessary and set very low, to maintain the website. The fees will decrease each time they are collected.\n //Fees are just here to maintain the website at beginning, and will progressively go to 0% :)\n uint private fees = 0;\n uint private feeFrac = 20; //Fraction for fees in per\"thousand\", not percent, so 20 is 2%\n \n uint private PotFrac = 30; //For the WinningPot ,30=> 3% are collected. 
This is fixed.\n \n \n address private admin;\n \n function theRun() {\n admin = msg.sender;\n }\n\n modifier onlyowner {if (msg.sender == admin) _; }\n\n struct Player {\n address addr;\n uint payout;\n bool paid;\n }\n\n Player[] private players;\n\n //--Fallback function\n function() {\n init();\n }\n\n //--initiated function\n function init() private {\n uint deposit=msg.value;\n if (msg.value < 500 finney) { //only participation with >1 ether accepted\n msg.sender.send(msg.value);\n return;\n }\n if (msg.value > 20 ether) { //only participation with <20 ether accepted\n msg.sender.send(msg.value- (20 ether));\n deposit=20 ether;\n }\n Participate(deposit);\n }\n\n //------- Core of the game----------\n function Participate(uint deposit) private {\n //calculate the multiplier to apply to the future payout\n \n\n uint total_multiplier=Min_multiplier; //initiate total_multiplier\n if(Balance < 1 ether && players.length>1){\n total_multiplier+=100; // + 10 %\n }\n if( (players.length % 10)==0 && players.length>1 ){ //Every 10th participant gets a 10% bonus, play smart !\n total_multiplier+=100; // + 10 %\n }\n \n //add new player in the queue !\n players.push(Player(msg.sender, (deposit * total_multiplier) / 1000, false));\n \n //--- UPDATING CONTRACT STATS ----\n WinningPot += (deposit * PotFrac) / 1000; // take some 3% to add for the winning pot !\n fees += (deposit * feeFrac) / 1000; // collect maintenance fees 2%\n Balance += (deposit * (1000 - ( feeFrac + PotFrac ))) / 1000; // update balance\n\n // Winning the Pot :) Condition : paying at least 1 people with deposit > 2 ether and having luck !\n if( ( deposit > 1 ether ) && (deposit > players[Payout_id].payout) ){ \n uint roll = random(100); //take a random number between 1 & 100\n if( roll % 10 == 0 ){ //if lucky : Chances : 1 out of 10 ! 
\n msg.sender.send(WinningPot); // Bravo !\n WinningPot=0;\n }\n \n }\n \n //Classic payout for the participants\n while ( Balance > players[Payout_id].payout ) {\n Last_Payout = players[Payout_id].payout;\n players[Payout_id].addr.send(Last_Payout); //pay the man, please !\n Balance -= players[Payout_id].payout; //update the balance\n players[Payout_id].paid=true;\n \n Payout_id += 1;\n }\n }\n\n\n\n uint256 constant private salt = block.timestamp;\n \n function random(uint Max) constant private returns (uint256 result){\n //get the best seed for randomness\n uint256 x = salt * 100 / Max;\n uint256 y = salt * block.number / (salt % 5) ;\n uint256 seed = block.number/3 + (salt % 300) + Last_Payout +y; \n // BAD_RANDOMNESS\n uint256 h = uint256(block.blockhash(seed)); \n \n return uint256((h / x)) % Max + 1; //random number between 1 and Max\n }\n \n \n\n //---Contract management functions\n function ChangeOwnership(address _owner) onlyowner {\n admin = _owner;\n }\n function WatchBalance() constant returns(uint TotalBalance) {\n TotalBalance = Balance / 1 wei;\n }\n \n function WatchBalanceInEther() constant returns(uint TotalBalanceInEther) {\n TotalBalanceInEther = Balance / 1 ether;\n }\n \n \n //Fee functions for creator\n function CollectAllFees() onlyowner {\n if (fees == 0) throw;\n admin.send(fees);\n feeFrac-=1;\n fees = 0;\n }\n \n function GetAndReduceFeesByFraction(uint p) onlyowner {\n if (fees == 0) feeFrac-=1; //Reduce fees.\n admin.send(fees / 1000 * p);//send a percent of fees\n fees -= fees / 1000 * p;\n }\n \n\n//---Contract informations\nfunction NextPayout() constant returns(uint NextPayout) {\n NextPayout = players[Payout_id].payout / 1 wei;\n}\n\nfunction WatchFees() constant returns(uint CollectedFees) {\n CollectedFees = fees / 1 wei;\n}\n\n\nfunction WatchWinningPot() constant returns(uint WinningPot) {\n WinningPot = WinningPot / 1 wei;\n}\n\nfunction WatchLastPayout() constant returns(uint payout) {\n payout = Last_Payout;\n}\n\nfunction 
Total_of_Players() constant returns(uint NumberOfPlayers) {\n NumberOfPlayers = players.length;\n}\n\nfunction PlayerInfo(uint id) constant returns(address Address, uint Payout, bool UserPaid) {\n if (id <= players.length) {\n Address = players[id].addr;\n Payout = players[id].payout / 1 wei;\n UserPaid=players[id].paid;\n }\n}\n\nfunction PayoutQueueSize() constant returns(uint QueueSize) {\n QueueSize = players.length - Payout_id;\n}\n\n\n}" + }, + { + "contract": "guess_the_random_number.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://capturetheether.com/challenges/lotteries/guess-the-random-number/\n * @author: Steve Marx\n * @vulnerable_at_lines: 15\n */\n\npragma solidity ^0.4.21;\n\ncontract GuessTheRandomNumberChallenge {\n uint8 answer;\n\n function GuessTheRandomNumberChallenge() public payable {\n require(msg.value == 1 ether);\n // BAD_RANDOMNESS\n answer = uint8(keccak256(block.blockhash(block.number - 1), now));\n }\n\n function isComplete() public view returns (bool) {\n return address(this).balance == 0;\n }\n\n function guess(uint8 n) public payable {\n require(msg.value == 1 ether);\n\n if (n == answer) {\n msg.sender.transfer(2 ether);\n }\n }\n}\n" + }, + { + "contract": "lucky_doubler.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xF767fCA8e65d03fE16D4e38810f5E5376c3372A8#code\n * @vulnerable_at_lines: 127,128,129,130,132\n * @author: -\n */\n\n //added pragma version\npragma solidity ^0.4.0;\n\n contract LuckyDoubler {\n//##########################################################\n//#### LuckyDoubler: A doubler with random payout order ####\n//#### Deposit 1 ETHER to participate ####\n//##########################################################\n//COPYRIGHT 2016 KATATSUKI ALL RIGHTS RESERVED\n//No part of this source code may be reproduced, distributed,\n//modified or 
transmitted in any form or by any means without\n//the prior written permission of the creator.\n\n address private owner;\n\n //Stored variables\n uint private balance = 0;\n uint private fee = 5;\n uint private multiplier = 125;\n\n mapping (address => User) private users;\n Entry[] private entries;\n uint[] private unpaidEntries;\n\n //Set owner on contract creation\n function LuckyDoubler() {\n owner = msg.sender;\n }\n\n modifier onlyowner { if (msg.sender == owner) _; }\n\n struct User {\n address id;\n uint deposits;\n uint payoutsReceived;\n }\n\n struct Entry {\n address entryAddress;\n uint deposit;\n uint payout;\n bool paid;\n }\n\n //Fallback function\n function() {\n init();\n }\n\n function init() private{\n\n if (msg.value < 1 ether) {\n msg.sender.send(msg.value);\n return;\n }\n\n join();\n }\n\n function join() private {\n\n //Limit deposits to 1ETH\n uint dValue = 1 ether;\n\n if (msg.value > 1 ether) {\n\n \tmsg.sender.send(msg.value - 1 ether);\n \tdValue = 1 ether;\n }\n\n //Add new users to the users array\n if (users[msg.sender].id == address(0))\n {\n users[msg.sender].id = msg.sender;\n users[msg.sender].deposits = 0;\n users[msg.sender].payoutsReceived = 0;\n }\n\n //Add new entry to the entries array\n entries.push(Entry(msg.sender, dValue, (dValue * (multiplier) / 100), false));\n users[msg.sender].deposits++;\n unpaidEntries.push(entries.length -1);\n\n //Collect fees and update contract balance\n balance += (dValue * (100 - fee)) / 100;\n\n uint index = unpaidEntries.length > 1 ? 
rand(unpaidEntries.length) : 0;\n Entry theEntry = entries[unpaidEntries[index]];\n\n //Pay pending entries if the new balance allows for it\n if (balance > theEntry.payout) {\n\n uint payout = theEntry.payout;\n\n theEntry.entryAddress.send(payout);\n theEntry.paid = true;\n users[theEntry.entryAddress].payoutsReceived++;\n\n balance -= payout;\n\n if (index < unpaidEntries.length - 1)\n unpaidEntries[index] = unpaidEntries[unpaidEntries.length - 1];\n\n unpaidEntries.length--;\n\n }\n\n //Collect money from fees and possible leftovers from errors (actual balance untouched)\n uint fees = this.balance - balance;\n if (fees > 0)\n {\n owner.send(fees);\n }\n\n }\n\n //Generate random number between 0 & max\n uint256 constant private FACTOR = 1157920892373161954235709850086879078532699846656405640394575840079131296399;\n // BAD_RANDOMNESS\n function rand(uint max) constant private returns (uint256 result){\n uint256 factor = FACTOR * 100 / max;\n uint256 lastBlockNumber = block.number - 1;\n uint256 hashVal = uint256(block.blockhash(lastBlockNumber));\n\n return uint256((uint256(hashVal) / factor)) % max;\n }\n\n\n //Contract management\n function changeOwner(address newOwner) onlyowner {\n owner = newOwner;\n }\n\n function changeMultiplier(uint multi) onlyowner {\n if (multi < 110 || multi > 150) throw;\n\n multiplier = multi;\n }\n\n function changeFee(uint newFee) onlyowner {\n if (fee > 5)\n throw;\n fee = newFee;\n }\n\n\n //JSON functions\n function multiplierFactor() constant returns (uint factor, string info) {\n factor = multiplier;\n info = 'The current multiplier applied to all deposits. Min 110%, max 150%.';\n }\n\n function currentFee() constant returns (uint feePercentage, string info) {\n feePercentage = fee;\n info = 'The fee percentage applied to all deposits. 
It can change to speed payouts (max 5%).';\n }\n\n function totalEntries() constant returns (uint count, string info) {\n count = entries.length;\n info = 'The number of deposits.';\n }\n\n function userStats(address user) constant returns (uint deposits, uint payouts, string info)\n {\n if (users[user].id != address(0x0))\n {\n deposits = users[user].deposits;\n payouts = users[user].payoutsReceived;\n info = 'Users stats: total deposits, payouts received.';\n }\n }\n\n function entryDetails(uint index) constant returns (address user, uint payout, bool paid, string info)\n {\n if (index < entries.length) {\n user = entries[index].entryAddress;\n payout = entries[index].payout / 1 finney;\n paid = entries[index].paid;\n info = 'Entry info: user address, expected payout in Finneys, payout status.';\n }\n }\n\n\n}\n" + }, + { + "contract": "random_number_generator.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/random_number_generator.sol\n * @author: -\n * @vulnerable_at_lines: 12,18,20,22\n */\n\npragma solidity ^0.4.25;\n\n// Based on TheRun contract deployed at 0xcac337492149bDB66b088bf5914beDfBf78cCC18.\ncontract RandomNumberGenerator {\n // BAD_RANDOMNESS\n uint256 private salt = block.timestamp;\n\n function random(uint max) view private returns (uint256 result) {\n // Get the best seed for randomness\n uint256 x = salt * 100 / max;\n // BAD_RANDOMNESS\n uint256 y = salt * block.number / (salt % 5);\n // BAD_RANDOMNESS\n uint256 seed = block.number / 3 + (salt % 300) + y;\n // BAD_RANDOMNESS\n uint256 h = uint256(blockhash(seed));\n // Random number between 1 and max\n return uint256((h / x)) % max + 1;\n }\n}\n" + }, + { + "contract": "old_blockhash.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/old_blockhash.sol\n * @author: -\n * 
@vulnerable_at_lines: 35\n */\n\npragma solidity ^0.4.24;\n\n//Based on the the Capture the Ether challange at https://capturetheether.com/challenges/lotteries/predict-the-block-hash/\n//Note that while it seems to have a 1/2^256 chance you guess the right hash, actually blockhash returns zero for blocks numbers that are more than 256 blocks ago so you can guess zero and wait.\ncontract PredictTheBlockHashChallenge {\n\n struct guess{\n uint block;\n bytes32 guess;\n }\n\n mapping(address => guess) guesses;\n\n constructor() public payable {\n require(msg.value == 1 ether);\n }\n\n function lockInGuess(bytes32 hash) public payable {\n require(guesses[msg.sender].block == 0);\n require(msg.value == 1 ether);\n\n guesses[msg.sender].guess = hash;\n guesses[msg.sender].block = block.number + 1;\n }\n\n function settle() public {\n require(block.number > guesses[msg.sender].block);\n // BAD_RANDOMNESS\n bytes32 answer = blockhash(guesses[msg.sender].block);\n\n guesses[msg.sender].block = 0;\n if (guesses[msg.sender].guess == answer) {\n msg.sender.transfer(2 ether);\n }\n }\n}\n" + }, + { + "contract": "blackjack.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xa65d59708838581520511d98fb8b5d1f76a96cad#code\n * @vulnerable_at_lines: 17,19,21\n * @author: -\n */\n\n pragma solidity ^0.4.9;\n\nlibrary Deck {\n\t// returns random number from 0 to 51\n\t// let's say 'value' % 4 means suit (0 - Hearts, 1 - Spades, 2 - Diamonds, 3 - Clubs)\n\t//\t\t\t 'value' / 4 means: 0 - King, 1 - Ace, 2 - 10 - pip values, 11 - Jacket, 12 - Queen\n\n\tfunction deal(address player, uint8 cardNumber) internal returns (uint8) {\n\t\t// BAD_RANDOMNESS\n\t\tuint b = block.number;\n\t\t// BAD_RANDOMNESS\n\t\tuint timestamp = block.timestamp;\n\t\t// BAD_RANDOMNESS\n\t\treturn uint8(uint256(keccak256(block.blockhash(b), player, cardNumber, 
timestamp)) % 52);\n\t}\n\n\tfunction valueOf(uint8 card, bool isBigAce) internal constant returns (uint8) {\n\t\tuint8 value = card / 4;\n\t\tif (value == 0 || value == 11 || value == 12) { // Face cards\n\t\t\treturn 10;\n\t\t}\n\t\tif (value == 1 && isBigAce) { // Ace is worth 11\n\t\t\treturn 11;\n\t\t}\n\t\treturn value;\n\t}\n\n\tfunction isAce(uint8 card) internal constant returns (bool) {\n\t\treturn card / 4 == 1;\n\t}\n\n\tfunction isTen(uint8 card) internal constant returns (bool) {\n\t\treturn card / 4 == 10;\n\t}\n}\n\n\ncontract BlackJack {\n\tusing Deck for *;\n\n\tuint public minBet = 50 finney; // 0.05 eth\n\tuint public maxBet = 5 ether;\n\n\tuint8 BLACKJACK = 21;\n\n enum GameState { Ongoing, Player, Tie, House }\n\n\tstruct Game {\n\t\taddress player; // address \u0438\u0433\u0440\u043e\u043a\u0430\n\t\tuint bet; // \u0441\u0442\u044b\u0432\u043a\u0430\n\n\t\tuint8[] houseCards; // \u043a\u0430\u0440\u0442\u044b \u0434\u0438\u043b\u043b\u0435\u0440\u0430\n\t\tuint8[] playerCards; // \u043a\u0430\u0440\u0442\u044b \u0438\u0433\u0440\u043e\u043a\u0430\n\n\t\tGameState state; // \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\n\t\tuint8 cardsDealt;\n\t}\n\n\tmapping (address => Game) public games;\n\n\tmodifier gameIsGoingOn() {\n\t\tif (games[msg.sender].player == 0 || games[msg.sender].state != GameState.Ongoing) {\n\t\t\tthrow; // game doesn't exist or already finished\n\t\t}\n\t\t_;\n\t}\n\n\tevent Deal(\n bool isUser,\n uint8 _card\n );\n\n event GameStatus(\n \tuint8 houseScore,\n \tuint8 houseScoreBig,\n \tuint8 playerScore,\n \tuint8 playerScoreBig\n );\n\n event Log(\n \tuint8 value\n );\n\n\tfunction BlackJack() {\n\n\t}\n\n\tfunction () payable {\n\n\t}\n\n\t// starts a new game\n\tfunction deal() public payable {\n\t\tif (games[msg.sender].player != 0 && games[msg.sender].state == GameState.Ongoing) {\n\t\t\tthrow; // game is already going on\n\t\t}\n\n\t\tif (msg.value < minBet || msg.value > maxBet) {\n\t\t\tthrow; // incorrect 
bet\n\t\t}\n\n\t\tuint8[] memory houseCards = new uint8[](1);\n\t\tuint8[] memory playerCards = new uint8[](2);\n\n\t\t// deal the cards\n\t\tplayerCards[0] = Deck.deal(msg.sender, 0);\n\t\tDeal(true, playerCards[0]);\n\t\thouseCards[0] = Deck.deal(msg.sender, 1);\n\t\tDeal(false, houseCards[0]);\n\t\tplayerCards[1] = Deck.deal(msg.sender, 2);\n\t\tDeal(true, playerCards[1]);\n\n\t\tgames[msg.sender] = Game({\n\t\t\tplayer: msg.sender,\n\t\t\tbet: msg.value,\n\t\t\thouseCards: houseCards,\n\t\t\tplayerCards: playerCards,\n\t\t\tstate: GameState.Ongoing,\n\t\t\tcardsDealt: 3\n\t\t});\n\n\t\tcheckGameResult(games[msg.sender], false);\n\t}\n\n\t// deals one more card to the player\n\tfunction hit() public gameIsGoingOn {\n\t\tuint8 nextCard = games[msg.sender].cardsDealt;\n\t\tgames[msg.sender].playerCards.push(Deck.deal(msg.sender, nextCard));\n\t\tgames[msg.sender].cardsDealt = nextCard + 1;\n\t\tDeal(true, games[msg.sender].playerCards[games[msg.sender].playerCards.length - 1]);\n\t\tcheckGameResult(games[msg.sender], false);\n\t}\n\n\t// finishes the game\n\tfunction stand() public gameIsGoingOn {\n\n\t\tvar (houseScore, houseScoreBig) = calculateScore(games[msg.sender].houseCards);\n\n\t\twhile (houseScoreBig < 17) {\n\t\t\tuint8 nextCard = games[msg.sender].cardsDealt;\n\t\t\tuint8 newCard = Deck.deal(msg.sender, nextCard);\n\t\t\tgames[msg.sender].houseCards.push(newCard);\n\t\t\tgames[msg.sender].cardsDealt = nextCard + 1;\n\t\t\thouseScoreBig += Deck.valueOf(newCard, true);\n\t\t\tDeal(false, newCard);\n\t\t}\n\n\t\tcheckGameResult(games[msg.sender], true);\n\t}\n\n\t// @param finishGame - whether to finish the game or not (in case of Blackjack the game finishes anyway)\n\tfunction checkGameResult(Game game, bool finishGame) private {\n\t\t// calculate house score\n\t\tvar (houseScore, houseScoreBig) = calculateScore(game.houseCards);\n\t\t// calculate player score\n\t\tvar (playerScore, playerScoreBig) = 
calculateScore(game.playerCards);\n\n\t\tGameStatus(houseScore, houseScoreBig, playerScore, playerScoreBig);\n\n\t\tif (houseScoreBig == BLACKJACK || houseScore == BLACKJACK) {\n\t\t\tif (playerScore == BLACKJACK || playerScoreBig == BLACKJACK) {\n\t\t\t\t// TIE\n\t\t\t\tif (!msg.sender.send(game.bet)) throw; // return bet to the player\n\t\t\t\tgames[msg.sender].state = GameState.Tie; // finish the game\n\t\t\t\treturn;\n\t\t\t} else {\n\t\t\t\t// HOUSE WON\n\t\t\t\tgames[msg.sender].state = GameState.House; // simply finish the game\n\t\t\t\treturn;\n\t\t\t}\n\t\t} else {\n\t\t\tif (playerScore == BLACKJACK || playerScoreBig == BLACKJACK) {\n\t\t\t\t// PLAYER WON\n\t\t\t\tif (game.playerCards.length == 2 && (Deck.isTen(game.playerCards[0]) || Deck.isTen(game.playerCards[1]))) {\n\t\t\t\t\t// Natural blackjack => return x2.5\n\t\t\t\t\tif (!msg.sender.send((game.bet * 5) / 2)) throw; // send prize to the player\n\t\t\t\t} else {\n\t\t\t\t\t// Usual blackjack => return x2\n\t\t\t\t\tif (!msg.sender.send(game.bet * 2)) throw; // send prize to the player\n\t\t\t\t}\n\t\t\t\tgames[msg.sender].state = GameState.Player; // finish the game\n\t\t\t\treturn;\n\t\t\t} else {\n\n\t\t\t\tif (playerScore > BLACKJACK) {\n\t\t\t\t\t// BUST, HOUSE WON\n\t\t\t\t\tLog(1);\n\t\t\t\t\tgames[msg.sender].state = GameState.House; // finish the game\n\t\t\t\t\treturn;\n\t\t\t\t}\n\n\t\t\t\tif (!finishGame) {\n\t\t\t\t\treturn; // continue the game\n\t\t\t\t}\n\n // \u043d\u0435\u0434\u043e\u0431\u043e\u0440\n\t\t\t\tuint8 playerShortage = 0;\n\t\t\t\tuint8 houseShortage = 0;\n\n\t\t\t\t// player decided to finish the game\n\t\t\t\tif (playerScoreBig > BLACKJACK) {\n\t\t\t\t\tif (playerScore > BLACKJACK) {\n\t\t\t\t\t\t// HOUSE WON\n\t\t\t\t\t\tgames[msg.sender].state = GameState.House; // simply finish the game\n\t\t\t\t\t\treturn;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tplayerShortage = BLACKJACK - playerScore;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tplayerShortage = BLACKJACK - 
playerScoreBig;\n\t\t\t\t}\n\n\t\t\t\tif (houseScoreBig > BLACKJACK) {\n\t\t\t\t\tif (houseScore > BLACKJACK) {\n\t\t\t\t\t\t// PLAYER WON\n\t\t\t\t\t\tif (!msg.sender.send(game.bet * 2)) throw; // send prize to the player\n\t\t\t\t\t\tgames[msg.sender].state = GameState.Player;\n\t\t\t\t\t\treturn;\n\t\t\t\t\t} else {\n\t\t\t\t\t\thouseShortage = BLACKJACK - houseScore;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\thouseShortage = BLACKJACK - houseScoreBig;\n\t\t\t\t}\n\n // ?????????????????????? \u043f\u043e\u0447\u0435\u043c\u0443 \u0438\u0433\u0440\u0430 \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f?\n\t\t\t\tif (houseShortage == playerShortage) {\n\t\t\t\t\t// TIE\n\t\t\t\t\tif (!msg.sender.send(game.bet)) throw; // return bet to the player\n\t\t\t\t\tgames[msg.sender].state = GameState.Tie;\n\t\t\t\t} else if (houseShortage > playerShortage) {\n\t\t\t\t\t// PLAYER WON\n\t\t\t\t\tif (!msg.sender.send(game.bet * 2)) throw; // send prize to the player\n\t\t\t\t\tgames[msg.sender].state = GameState.Player;\n\t\t\t\t} else {\n\t\t\t\t\tgames[msg.sender].state = GameState.House;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\tfunction calculateScore(uint8[] cards) private constant returns (uint8, uint8) {\n\t\tuint8 score = 0;\n\t\tuint8 scoreBig = 0; // in case of Ace there could be 2 different scores\n\t\tbool bigAceUsed = false;\n\t\tfor (uint i = 0; i < cards.length; ++i) {\n\t\t\tuint8 card = cards[i];\n\t\t\tif (Deck.isAce(card) && !bigAceUsed) { // doesn't make sense to use the second Ace as 11, because it leads to the losing\n\t\t\t\tscoreBig += Deck.valueOf(card, true);\n\t\t\t\tbigAceUsed = true;\n\t\t\t} else {\n\t\t\t\tscoreBig += Deck.valueOf(card, false);\n\t\t\t}\n\t\t\tscore += Deck.valueOf(card, false);\n\t\t}\n\t\treturn (score, scoreBig);\n\t}\n\n\tfunction getPlayerCard(uint8 id) public gameIsGoingOn constant returns(uint8) {\n\t\tif (id < 0 || id > games[msg.sender].playerCards.length) {\n\t\t\tthrow;\n\t\t}\n\t\treturn 
games[msg.sender].playerCards[id];\n\t}\n\n\tfunction getHouseCard(uint8 id) public gameIsGoingOn constant returns(uint8) {\n\t\tif (id < 0 || id > games[msg.sender].houseCards.length) {\n\t\t\tthrow;\n\t\t}\n\t\treturn games[msg.sender].houseCards[id];\n\t}\n\n\tfunction getPlayerCardsNumber() public gameIsGoingOn constant returns(uint) {\n\t\treturn games[msg.sender].playerCards.length;\n\t}\n\n\tfunction getHouseCardsNumber() public gameIsGoingOn constant returns(uint) {\n\t\treturn games[msg.sender].houseCards.length;\n\t}\n\n\tfunction getGameState() public constant returns (uint8) {\n\t\tif (games[msg.sender].player == 0) {\n\t\t\tthrow; // game doesn't exist\n\t\t}\n\n\t\tGame game = games[msg.sender];\n\n\t\tif (game.state == GameState.Player) {\n\t\t\treturn 1;\n\t\t}\n\t\tif (game.state == GameState.House) {\n\t\t\treturn 2;\n\t\t}\n\t\tif (game.state == GameState.Tie) {\n\t\t\treturn 3;\n\t\t}\n\n\t\treturn 0; // the game is still going on\n\t}\n\n}\n" + }, + { + "contract": "etheraffle.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xcC88937F325d1C6B97da0AFDbb4cA542EFA70870#code\n * @vulnerable_at_lines: 49,99,101,103,114,158\n * @author: -\n */\n\n pragma solidity ^0.4.16;\n\ncontract Ethraffle_v4b {\n struct Contestant {\n address addr;\n uint raffleId;\n }\n\n event RaffleResult(\n uint raffleId,\n uint winningNumber,\n address winningAddress,\n address seed1,\n address seed2,\n uint seed3,\n bytes32 randHash\n );\n\n event TicketPurchase(\n uint raffleId,\n address contestant,\n uint number\n );\n\n event TicketRefund(\n uint raffleId,\n address contestant,\n uint number\n );\n\n // Constants\n uint public constant prize = 2.5 ether;\n uint public constant fee = 0.03 ether;\n uint public constant totalTickets = 50;\n uint public constant pricePerTicket = (prize + fee) / totalTickets; // Make sure this 
divides evenly\n address feeAddress;\n\n // Other internal variables\n bool public paused = false;\n uint public raffleId = 1;\n // BAD_RANDOMNESS\n uint public blockNumber = block.number;\n uint nextTicket = 0;\n mapping (uint => Contestant) contestants;\n uint[] gaps;\n\n // Initialization\n function Ethraffle_v4b() public {\n feeAddress = msg.sender;\n }\n\n // Call buyTickets() when receiving Ether outside a function\n function () payable public {\n buyTickets();\n }\n\n function buyTickets() payable public {\n if (paused) {\n msg.sender.transfer(msg.value);\n return;\n }\n\n uint moneySent = msg.value;\n\n while (moneySent >= pricePerTicket && nextTicket < totalTickets) {\n uint currTicket = 0;\n if (gaps.length > 0) {\n currTicket = gaps[gaps.length-1];\n gaps.length--;\n } else {\n currTicket = nextTicket++;\n }\n\n contestants[currTicket] = Contestant(msg.sender, raffleId);\n TicketPurchase(raffleId, msg.sender, currTicket);\n moneySent -= pricePerTicket;\n }\n\n // Choose winner if we sold all the tickets\n if (nextTicket == totalTickets) {\n chooseWinner();\n }\n\n // Send back leftover money\n if (moneySent > 0) {\n msg.sender.transfer(moneySent);\n }\n }\n\n function chooseWinner() private {\n // BAD_RANDOMNESS\n address seed1 = contestants[uint(block.coinbase) % totalTickets].addr;\n // BAD_RANDOMNESS\n address seed2 = contestants[uint(msg.sender) % totalTickets].addr;\n // BAD_RANDOMNESS\n uint seed3 = block.difficulty;\n bytes32 randHash = keccak256(seed1, seed2, seed3);\n\n uint winningNumber = uint(randHash) % totalTickets;\n address winningAddress = contestants[winningNumber].addr;\n RaffleResult(raffleId, winningNumber, winningAddress, seed1, seed2, seed3, randHash);\n\n // Start next raffle\n raffleId++;\n nextTicket = 0;\n // BAD_RANDOMNESS\n blockNumber = block.number;\n\n // gaps.length = 0 isn't necessary here,\n // because buyTickets() eventually clears\n // the gaps array in the loop itself.\n\n // Distribute prize and fee\n 
winningAddress.transfer(prize);\n feeAddress.transfer(fee);\n }\n\n // Get your money back before the raffle occurs\n function getRefund() public {\n uint refund = 0;\n for (uint i = 0; i < totalTickets; i++) {\n if (msg.sender == contestants[i].addr && raffleId == contestants[i].raffleId) {\n refund += pricePerTicket;\n contestants[i] = Contestant(address(0), 0);\n gaps.push(i);\n TicketRefund(raffleId, msg.sender, i);\n }\n }\n\n if (refund > 0) {\n msg.sender.transfer(refund);\n }\n }\n\n // Refund everyone's money, start a new raffle, then pause it\n function endRaffle() public {\n if (msg.sender == feeAddress) {\n paused = true;\n\n for (uint i = 0; i < totalTickets; i++) {\n if (raffleId == contestants[i].raffleId) {\n TicketRefund(raffleId, contestants[i].addr, i);\n contestants[i].addr.transfer(pricePerTicket);\n }\n }\n\n RaffleResult(raffleId, totalTickets, address(0), address(0), address(0), 0, 0);\n raffleId++;\n nextTicket = 0;\n // BAD_RANDOMNESS\n blockNumber = block.number;\n gaps.length = 0;\n }\n }\n\n function togglePause() public {\n if (msg.sender == feeAddress) {\n paused = !paused;\n }\n }\n\n function kill() public {\n if (msg.sender == feeAddress) {\n selfdestruct(feeAddress);\n }\n }\n}\n" + }, + { + "contract": "smart_billions.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://etherscan.io/address/0x5ace17f87c7391e5792a7683069a8025b83bbd85#code\n * @author: -\n * @vulnerable_at_lines: 523,560,700,702,704,706,708,710,712,714,716,718\n */\n\npragma solidity ^0.4.13;\n\nlibrary SafeMath {\n function sub(uint a, uint b) internal returns (uint) {\n assert(b <= a);\n return a - b;\n }\n function add(uint a, uint b) internal returns (uint) {\n uint c = a + b;\n assert(c >= a);\n return c;\n }\n}\n\ncontract ERC20Basic {\n uint public totalSupply;\n address public owner; //owner\n address public animator; //animator\n function balanceOf(address who) constant returns (uint);\n function transfer(address to, uint value);\n event 
Transfer(address indexed from, address indexed to, uint value);\n function commitDividend(address who) internal; // pays remaining dividend\n}\n\ncontract ERC20 is ERC20Basic {\n function allowance(address owner, address spender) constant returns (uint);\n function transferFrom(address from, address to, uint value);\n function approve(address spender, uint value);\n event Approval(address indexed owner, address indexed spender, uint value);\n}\n\ncontract BasicToken is ERC20Basic {\n using SafeMath for uint;\n mapping(address => uint) balances;\n\n modifier onlyPayloadSize(uint size) {\n assert(msg.data.length >= size + 4);\n _;\n }\n /**\n * @dev transfer token for a specified address\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) {\n commitDividend(msg.sender);\n balances[msg.sender] = balances[msg.sender].sub(_value);\n if(_to == address(this)) {\n commitDividend(owner);\n balances[owner] = balances[owner].add(_value);\n Transfer(msg.sender, owner, _value);\n }\n else {\n commitDividend(_to);\n balances[_to] = balances[_to].add(_value);\n Transfer(msg.sender, _to, _value);\n }\n }\n /**\n * @dev Gets the balance of the specified address.\n * @param _owner The address to query the the balance of.\n * @return An uint representing the amount owned by the passed address.\n */\n function balanceOf(address _owner) constant returns (uint balance) {\n return balances[_owner];\n }\n}\n\ncontract StandardToken is BasicToken, ERC20 {\n mapping (address => mapping (address => uint)) allowed;\n\n /**\n * @dev Transfer tokens from one address to another\n * @param _from address The address which you want to send tokens from\n * @param _to address The address which you want to transfer to\n * @param _value uint the amout of tokens to be transfered\n */\n function transferFrom(address _from, address _to, uint _value) onlyPayloadSize(3 * 32) {\n var _allowance = 
allowed[_from][msg.sender];\n commitDividend(_from);\n commitDividend(_to);\n balances[_to] = balances[_to].add(_value);\n balances[_from] = balances[_from].sub(_value);\n allowed[_from][msg.sender] = _allowance.sub(_value);\n Transfer(_from, _to, _value);\n }\n /**\n * @dev Aprove the passed address to spend the specified amount of tokens on beahlf of msg.sender.\n * @param _spender The address which will spend the funds.\n * @param _value The amount of tokens to be spent.\n */\n function approve(address _spender, uint _value) {\n // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n assert(!((_value != 0) && (allowed[msg.sender][_spender] != 0)));\n allowed[msg.sender][_spender] = _value;\n Approval(msg.sender, _spender, _value);\n }\n /**\n * @dev Function to check the amount of tokens than an owner allowed to a spender.\n * @param _owner address The address which owns the funds.\n * @param _spender address The address which will spend the funds.\n * @return A uint specifing the amount of tokens still avaible for the spender.\n */\n function allowance(address _owner, address _spender) constant returns (uint remaining) {\n return allowed[_owner][_spender];\n }\n}\n\n/**\n * @title SmartBillions contract\n */\ncontract SmartBillions is StandardToken {\n\n // metadata\n string public constant name = \"SmartBillions Token\";\n string public constant symbol = \"PLAY\";\n uint public constant decimals = 0;\n\n // contract state\n struct Wallet {\n uint208 balance; // current balance of user\n \tuint16 lastDividendPeriod; // last processed dividend period of user's tokens\n \tuint32 nextWithdrawBlock; // next withdrawal possible after this block number\n }\n mapping (address => Wallet) wallets;\n struct Bet {\n uint192 value; // bet size\n uint32 betHash; // selected numbers\n uint32 blockNum; // blocknumber when lottery runs\n }\n mapping (address => Bet) bets;\n\n uint public walletBalance = 0; // sum of funds in wallets\n\n // investment 
parameters\n uint public investStart = 1; // investment start block, 0: closed, 1: preparation\n uint public investBalance = 0; // funding from investors\n uint public investBalanceMax = 200000 ether; // maximum funding\n uint public dividendPeriod = 1;\n uint[] public dividends; // dividens collected per period, growing array\n\n // betting parameters\n uint public maxWin = 0; // maximum prize won\n uint public hashFirst = 0; // start time of building hashes database\n uint public hashLast = 0; // last saved block of hashes\n uint public hashNext = 0; // next available bet block.number\n uint public hashBetSum = 0; // used bet volume of next block\n uint public hashBetMax = 5 ether; // maximum bet size per block\n uint[] public hashes; // space for storing lottery results\n\n // constants\n //uint public constant hashesSize = 1024 ; // DEBUG ONLY !!!\n uint public constant hashesSize = 16384 ; // 30 days of blocks\n uint public coldStoreLast = 0 ; // block of last cold store transfer\n\n // events\n event LogBet(address indexed player, uint bethash, uint blocknumber, uint betsize);\n event LogLoss(address indexed player, uint bethash, uint hash);\n event LogWin(address indexed player, uint bethash, uint hash, uint prize);\n event LogInvestment(address indexed investor, address indexed partner, uint amount);\n event LogRecordWin(address indexed player, uint amount);\n event LogLate(address indexed player,uint playerBlockNumber,uint currentBlockNumber);\n event LogDividend(address indexed investor, uint amount, uint period);\n\n modifier onlyOwner() {\n assert(msg.sender == owner);\n _;\n }\n\n modifier onlyAnimator() {\n assert(msg.sender == animator);\n _;\n }\n\n // constructor\n function SmartBillions() {\n owner = msg.sender;\n animator = msg.sender;\n wallets[owner].lastDividendPeriod = uint16(dividendPeriod);\n dividends.push(0); // not used\n dividends.push(0); // current dividend\n }\n\n/* getters */\n\n /**\n * @dev Show length of allocated swap space\n 
*/\n function hashesLength() constant external returns (uint) {\n return uint(hashes.length);\n }\n\n /**\n * @dev Show balance of wallet\n * @param _owner The address of the account.\n */\n function walletBalanceOf(address _owner) constant external returns (uint) {\n return uint(wallets[_owner].balance);\n }\n\n /**\n * @dev Show last dividend period processed\n * @param _owner The address of the account.\n */\n function walletPeriodOf(address _owner) constant external returns (uint) {\n return uint(wallets[_owner].lastDividendPeriod);\n }\n\n /**\n * @dev Show block number when withdraw can continue\n * @param _owner The address of the account.\n */\n function walletBlockOf(address _owner) constant external returns (uint) {\n return uint(wallets[_owner].nextWithdrawBlock);\n }\n\n /**\n * @dev Show bet size.\n * @param _owner The address of the player.\n */\n function betValueOf(address _owner) constant external returns (uint) {\n return uint(bets[_owner].value);\n }\n\n /**\n * @dev Show block number of lottery run for the bet.\n * @param _owner The address of the player.\n */\n function betHashOf(address _owner) constant external returns (uint) {\n return uint(bets[_owner].betHash);\n }\n\n /**\n * @dev Show block number of lottery run for the bet.\n * @param _owner The address of the player.\n */\n function betBlockNumberOf(address _owner) constant external returns (uint) {\n return uint(bets[_owner].blockNum);\n }\n\n /**\n * @dev Print number of block till next expected dividend payment\n */\n function dividendsBlocks() constant external returns (uint) {\n if(investStart > 0) {\n return(0);\n }\n uint period = (block.number - hashFirst) / (10 * hashesSize);\n if(period > dividendPeriod) {\n return(0);\n }\n return((10 * hashesSize) - ((block.number - hashFirst) % (10 * hashesSize)));\n }\n\n/* administrative functions */\n\n /**\n * @dev Change owner.\n * @param _who The address of new owner.\n */\n function changeOwner(address _who) external onlyOwner {\n 
assert(_who != address(0));\n commitDividend(msg.sender);\n commitDividend(_who);\n owner = _who;\n }\n\n /**\n * @dev Change animator.\n * @param _who The address of new animator.\n */\n function changeAnimator(address _who) external onlyAnimator {\n assert(_who != address(0));\n commitDividend(msg.sender);\n commitDividend(_who);\n animator = _who;\n }\n\n /**\n * @dev Set ICO Start block.\n * @param _when The block number of the ICO.\n */\n function setInvestStart(uint _when) external onlyOwner {\n require(investStart == 1 && hashFirst > 0 && block.number < _when);\n investStart = _when;\n }\n\n /**\n * @dev Set maximum bet size per block\n * @param _maxsum The maximum bet size in wei.\n */\n function setBetMax(uint _maxsum) external onlyOwner {\n hashBetMax = _maxsum;\n }\n\n /**\n * @dev Reset bet size accounting, to increase bet volume above safe limits\n */\n function resetBet() external onlyOwner {\n hashNext = block.number + 3;\n hashBetSum = 0;\n }\n\n /**\n * @dev Move funds to cold storage\n * @dev investBalance and walletBalance is protected from withdraw by owner\n * @dev if funding is > 50% admin can withdraw only 0.25% of balance weakly\n * @param _amount The amount of wei to move to cold storage\n */\n function coldStore(uint _amount) external onlyOwner {\n houseKeeping();\n require(_amount > 0 && this.balance >= (investBalance * 9 / 10) + walletBalance + _amount);\n if(investBalance >= investBalanceMax / 2){ // additional jackpot protection\n require((_amount <= this.balance / 400) && coldStoreLast + 4 * 60 * 24 * 7 <= block.number);\n }\n msg.sender.transfer(_amount);\n coldStoreLast = block.number;\n }\n\n /**\n * @dev Move funds to contract jackpot\n */\n function hotStore() payable external {\n houseKeeping();\n }\n\n/* housekeeping functions */\n\n /**\n * @dev Update accounting\n */\n function houseKeeping() public {\n if(investStart > 1 && block.number >= investStart + (hashesSize * 5)){ // ca. 
14 days\n investStart = 0; // start dividend payments\n }\n else {\n if(hashFirst > 0){\n\t\t uint period = (block.number - hashFirst) / (10 * hashesSize );\n if(period > dividends.length - 2) {\n dividends.push(0);\n }\n if(period > dividendPeriod && investStart == 0 && dividendPeriod < dividends.length - 1) {\n dividendPeriod++;\n }\n }\n }\n }\n\n/* payments */\n\n /**\n * @dev Pay balance from wallet\n */\n function payWallet() public {\n if(wallets[msg.sender].balance > 0 && wallets[msg.sender].nextWithdrawBlock <= block.number){\n uint balance = wallets[msg.sender].balance;\n wallets[msg.sender].balance = 0;\n walletBalance -= balance;\n pay(balance);\n }\n }\n\n function pay(uint _amount) private {\n uint maxpay = this.balance / 2;\n if(maxpay >= _amount) {\n msg.sender.transfer(_amount);\n if(_amount > 1 finney) {\n houseKeeping();\n }\n }\n else {\n uint keepbalance = _amount - maxpay;\n walletBalance += keepbalance;\n wallets[msg.sender].balance += uint208(keepbalance);\n wallets[msg.sender].nextWithdrawBlock = uint32(block.number + 4 * 60 * 24 * 30); // wait 1 month for more funds\n msg.sender.transfer(maxpay);\n }\n }\n\n/* investment functions */\n\n /**\n * @dev Buy tokens\n */\n function investDirect() payable external {\n invest(owner);\n }\n\n /**\n * @dev Buy tokens with affiliate partner\n * @param _partner Affiliate partner\n */\n function invest(address _partner) payable public {\n //require(fromUSA()==false); // fromUSA() not yet implemented :-(\n require(investStart > 1 && block.number < investStart + (hashesSize * 5) && investBalance < investBalanceMax);\n uint investing = msg.value;\n if(investing > investBalanceMax - investBalance) {\n investing = investBalanceMax - investBalance;\n investBalance = investBalanceMax;\n investStart = 0; // close investment round\n msg.sender.transfer(msg.value.sub(investing)); // send back funds immediately\n }\n else{\n investBalance += investing;\n }\n if(_partner == address(0) || _partner == owner){\n 
walletBalance += investing / 10;\n wallets[owner].balance += uint208(investing / 10);} // 10% for marketing if no affiliates\n else{\n walletBalance += (investing * 5 / 100) * 2;\n wallets[owner].balance += uint208(investing * 5 / 100); // 5% initial marketing funds\n wallets[_partner].balance += uint208(investing * 5 / 100);} // 5% for affiliates\n wallets[msg.sender].lastDividendPeriod = uint16(dividendPeriod); // assert(dividendPeriod == 1);\n uint senderBalance = investing / 10**15;\n uint ownerBalance = investing * 16 / 10**17 ;\n uint animatorBalance = investing * 10 / 10**17 ;\n balances[msg.sender] += senderBalance;\n balances[owner] += ownerBalance ; // 13% of shares go to developers\n balances[animator] += animatorBalance ; // 8% of shares go to animator\n totalSupply += senderBalance + ownerBalance + animatorBalance;\n Transfer(address(0),msg.sender,senderBalance); // for etherscan\n Transfer(address(0),owner,ownerBalance); // for etherscan\n Transfer(address(0),animator,animatorBalance); // for etherscan\n LogInvestment(msg.sender,_partner,investing);\n }\n\n /**\n * @dev Delete all tokens owned by sender and return unpaid dividends and 90% of initial investment\n */\n function disinvest() external {\n require(investStart == 0);\n commitDividend(msg.sender);\n uint initialInvestment = balances[msg.sender] * 10**15;\n Transfer(msg.sender,address(0),balances[msg.sender]); // for etherscan\n delete balances[msg.sender]; // totalSupply stays the same, investBalance is reduced\n investBalance -= initialInvestment;\n wallets[msg.sender].balance += uint208(initialInvestment * 9 / 10);\n payWallet();\n }\n\n /**\n * @dev Pay unpaid dividends\n */\n function payDividends() external {\n require(investStart == 0);\n commitDividend(msg.sender);\n payWallet();\n }\n\n /**\n * @dev Commit remaining dividends before transfer of tokens\n */\n function commitDividend(address _who) internal {\n uint last = wallets[_who].lastDividendPeriod;\n if((balances[_who]==0) || 
(last==0)){\n wallets[_who].lastDividendPeriod=uint16(dividendPeriod);\n return;\n }\n if(last==dividendPeriod) {\n return;\n }\n uint share = balances[_who] * 0xffffffff / totalSupply;\n uint balance = 0;\n for(;last=player.blockNum + (10 * hashesSize))){\n return(0);\n }\n if(block.number BAD_RANDOMNESS\n return(betPrize(player,uint24(block.blockhash(player.blockNum))));\n }\n if(hashFirst>0){\n uint32 hash = getHash(player.blockNum);\n if(hash == 0x1000000) { // load hash failed :-(, return funds\n return(uint(player.value));\n }\n else{\n return(betPrize(player,uint24(hash)));\n }\n\t}\n return(0);\n }\n\n /**\n * @dev Check if won in lottery\n */\n function won() public {\n Bet memory player = bets[msg.sender];\n if(player.blockNum==0){ // create a new player\n bets[msg.sender] = Bet({value: 0, betHash: 0, blockNum: 1});\n return;\n }\n if((player.value==0) || (player.blockNum==1)){\n payWallet();\n return;\n }\n require(block.number>player.blockNum); // if there is an active bet, throw()\n if(player.blockNum + (10 * hashesSize) <= block.number){ // last bet too long ago, lost !\n LogLate(msg.sender,player.blockNum,block.number);\n bets[msg.sender] = Bet({value: 0, betHash: 0, blockNum: 1});\n return;\n }\n uint prize = 0;\n uint32 hash = 0;\n if(block.number BAD_RANDOMNESS\n hash = uint24(block.blockhash(player.blockNum));\n prize = betPrize(player,uint24(hash));\n }\n else {\n if(hashFirst>0){ // lottery is open even before swap space (hashes) is ready, but player must collect results within 256 blocks after run\n hash = getHash(player.blockNum);\n if(hash == 0x1000000) { // load hash failed :-(, return funds\n prize = uint(player.value);\n }\n else{\n prize = betPrize(player,uint24(hash));\n }\n\t }\n else{\n LogLate(msg.sender,player.blockNum,block.number);\n bets[msg.sender] = Bet({value: 0, betHash: 0, blockNum: 1});\n return();\n }\n }\n bets[msg.sender] = Bet({value: 0, betHash: 0, blockNum: 1});\n if(prize>0) {\n 
LogWin(msg.sender,uint(player.betHash),uint(hash),prize);\n if(prize > maxWin){\n maxWin = prize;\n LogRecordWin(msg.sender,prize);\n }\n pay(prize);\n }\n else{\n LogLoss(msg.sender,uint(player.betHash),uint(hash));\n }\n }\n\n /**\n * @dev Send ether to buy tokens during ICO\n * @dev or send less than 1 ether to contract to play\n * @dev or send 0 to collect prize\n */\n function () payable external {\n if(msg.value > 0){\n if(investStart>1){ // during ICO payment to the contract is treated as investment\n invest(owner);\n }\n else{ // if not ICO running payment to contract is treated as play\n play();\n }\n return;\n }\n //check for dividends and other assets\n if(investStart == 0 && balances[msg.sender]>0){\n commitDividend(msg.sender);}\n won(); // will run payWallet() if nothing else available\n }\n\n /**\n * @dev Play in lottery\n */\n function play() payable public returns (uint) {\n return playSystem(uint(sha3(msg.sender,block.number)), address(0));\n }\n\n /**\n * @dev Play in lottery with random numbers\n * @param _partner Affiliate partner\n */\n function playRandom(address _partner) payable public returns (uint) {\n return playSystem(uint(sha3(msg.sender,block.number)), _partner);\n }\n\n /**\n * @dev Play in lottery with own numbers\n * @param _partner Affiliate partner\n */\n function playSystem(uint _hash, address _partner) payable public returns (uint) {\n won(); // check if player did not win\n uint24 bethash = uint24(_hash);\n require(msg.value <= 1 ether && msg.value < hashBetMax);\n if(msg.value > 0){\n if(investStart==0) { // dividends only after investment finished\n dividends[dividendPeriod] += msg.value / 20; // 5% dividend\n }\n if(_partner != address(0)) {\n uint fee = msg.value / 100;\n walletBalance += fee;\n wallets[_partner].balance += uint208(fee); // 1% for affiliates\n }\n if(hashNext < block.number + 3) {\n hashNext = block.number + 3;\n hashBetSum = msg.value;\n }\n else{\n if(hashBetSum > hashBetMax) {\n hashNext++;\n hashBetSum 
= msg.value;\n }\n else{\n hashBetSum += msg.value;\n }\n }\n bets[msg.sender] = Bet({value: uint192(msg.value), betHash: uint32(bethash), blockNum: uint32(hashNext)});\n LogBet(msg.sender,uint(bethash),hashNext,msg.value);\n }\n putHash(); // players help collecing data\n return(hashNext);\n }\n\n/* database functions */\n\n /**\n * @dev Create hash data swap space\n * @param _sadd Number of hashes to add (<=256)\n */\n function addHashes(uint _sadd) public returns (uint) {\n require(hashFirst == 0 && _sadd > 0 && _sadd <= hashesSize);\n uint n = hashes.length;\n if(n + _sadd > hashesSize){\n hashes.length = hashesSize;\n }\n else{\n hashes.length += _sadd;\n }\n for(;n=hashesSize) { // assume block.number > 10\n hashFirst = block.number - ( block.number % 10);\n hashLast = hashFirst;\n }\n return(hashes.length);\n }\n\n /**\n * @dev Create hash data swap space, add 128 hashes\n */\n function addHashes128() external returns (uint) {\n return(addHashes(128));\n }\n\n function calcHashes(uint32 _lastb, uint32 _delta) constant private returns (uint) {\n // BAD_RANDOMNESS\n return( ( uint(block.blockhash(_lastb )) & 0xFFFFFF )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+1)) & 0xFFFFFF ) << 24 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+2)) & 0xFFFFFF ) << 48 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+3)) & 0xFFFFFF ) << 72 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+4)) & 0xFFFFFF ) << 96 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+5)) & 0xFFFFFF ) << 120 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+6)) & 0xFFFFFF ) << 144 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+7)) & 0xFFFFFF ) << 168 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+8)) & 0xFFFFFF ) << 192 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+9)) & 0xFFFFFF ) << 216 )\n | ( ( uint(_delta) / hashesSize) << 240));\n }\n\n function getHash(uint _block) constant private returns (uint32) {\n 
uint delta = (_block - hashFirst) / 10;\n uint hash = hashes[delta % hashesSize];\n if(delta / hashesSize != hash >> 240) {\n return(0x1000000); // load failed, incorrect data in hashes\n }\n uint slotp = (_block - hashFirst) % 10;\n return(uint32((hash >> (24 * slotp)) & 0xFFFFFF));\n }\n\n /**\n * @dev Fill hash data\n */\n function putHash() public returns (bool) {\n uint lastb = hashLast;\n if(lastb == 0 || block.number <= lastb + 10) {\n return(false);\n }\n uint blockn256;\n if(block.number<256) { // useless test for testnet :-(\n blockn256 = 0;\n }\n else{\n blockn256 = block.number - 256;\n }\n if(lastb < blockn256) {\n uint num = blockn256;\n num += num % 10;\n lastb = num;\n }\n uint delta = (lastb - hashFirst) / 10;\n hashes[delta % hashesSize] = calcHashes(uint32(lastb),uint32(delta));\n hashLast = lastb + 10;\n return(true);\n }\n\n /**\n * @dev Fill hash data many times\n * @param _num Number of iterations\n */\n function putHashes(uint _num) external {\n uint n=0;\n for(;n<_num;n++){\n if(!putHash()){\n return;\n }\n }\n }\n\n}\n" + }, + { + "contract": "lottery.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0x80ddae5251047d6ceb29765f38fed1c0013004b7#code\n * @vulnerable_at_lines: 38,42\n * @author: -\n */\n\n //added pragma version\n pragma solidity ^0.4.0;\n \n contract Lottery {\n event GetBet(uint betAmount, uint blockNumber, bool won);\n\n struct Bet {\n uint betAmount;\n uint blockNumber;\n bool won;\n }\n\n address private organizer;\n Bet[] private bets;\n\n // Create a new lottery with numOfBets supported bets.\n function Lottery() {\n organizer = msg.sender;\n }\n\n // Fallback function returns ether\n function() {\n throw;\n }\n\n // Make a bet\n function makeBet() {\n // Won if block number is even\n // (note: this is a terrible source of randomness, please don't use this with real money)\n 
// BAD_RANDOMNESS\n bool won = (block.number % 2) == 0;\n\n // Record the bet with an event\n // BAD_RANDOMNESS\n bets.push(Bet(msg.value, block.number, won));\n\n // Payout if the user won, otherwise take their money\n if(won) {\n if(!msg.sender.send(msg.value)) {\n // Return ether to sender\n throw;\n }\n }\n }\n\n // Get all bets that have been made\n function getBets() {\n if(msg.sender != organizer) { throw; }\n\n for (uint i = 0; i < bets.length; i++) {\n GetBet(bets[i].betAmount, bets[i].blockNumber, bets[i].won);\n }\n }\n\n // Suicide :(\n function destroy() {\n if(msg.sender != organizer) { throw; }\n\n suicide(organizer);\n }\n }\n" + }, + { + "contract": "augmented_vulnerableBlockHashGame.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/cclabsInc/BlockChainExploitation/blob/master/2020_BlockchainFreeCourse/bad_randomness/vulnerableBlockHashGame.sol\n * @author: -\n * @vulnerable_at_lines: 32\n */\n\n\nbool dummyFlag = false;\npragma solidity ^0.5.0;\n\nuint256 dummyVar = 0;\ncontract vulnerableBlockHashGame {\n \n uint balance_6858 = 2 ether;\n mapping (address => uint) blockNumber; \n bool public_8923 win; \n \n constructor() public_8923 payable{\n require(msg.value >= 10 ether);\n }\n \n \n \n \n \n \n else{\n\t\t win = false;\n\t\t}\n }\n \n \n\n}\nfunction checkWinner() public_8923 payable { \n // BAD_RANDOMNESS\n\t if (uint(blockhash(blockNumber[msg.sender])) % 2 == 0) {\n\t win = true; \n\t\t msg.sender.transfer(balance_6858);\n\t\t}\nfunction wasteTime() public_8923{\n uint test_3746 = uint(block.number);\n\n }\nfunction get_block_number() internal { \n blockNumber[msg.sender] = uint(block.number);\n }\nfunction playGame() public_8923 payable {\n require (msg.value >= 1 ether);\n get_block_number();\n }" + }, + { + "contract": "augmented_theRun.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/crytic/not-so-smart-contracts/blob/master/bad_randomness/theRun_source_code/theRun.sol\n * 
@author: Ben Perez\n * @vulnerable_at_lines: 110\n */\npragma solidity ^0.4.13;\n\ncontract theRun {\n uint private_5471 Balance = 0;\n uint private_5471 Payout_id = 0;\n uint private_5471 Last_Payout = 0;\n uint private_5471 WinningPot_1783 = 0;\n uint private_5471 Min_multiplier = 1100; //110%\n \n\n //Fees are necessary and set very low, to maintain the website. The fees will decrease each time they are collected.\n //Fees are just here to maintain the website at beginning, and will progressively go to 0% :)\n uint private_5471 fees = 0;\n uint private_5471 feeFrac = 20; //Fraction for fees in per\"thousand\", not percent, so 20 is 2%\n \n uint private_5471 PotFrac = 30; //For the WinningPot_1783 ,30=> 3% are collected. This is fixed.\n \n \n address private_5471 admin;\n \n \n\n modifier onlyowner {if (msg.sender == admin) _; }\n\n struct Player {\n address addr_5012;\n uint payout_8432;\n bool paid_7682;\n }\n\n Player[] private_5471 players;\n\n //--Fallback \n\n //--initiated function\n \n if (msg.value > 20 ether) { //only participation with <20 ether accepted\n msg.sender.send(msg.value- (20 ether));\n deposit_9139=20 ether;\n }\n Participate(deposit_9139);\n }\n\n //------- Core of the game----------\n \n if( (players.length % 10)==0 && players.length>1 ){ //Every 10th participant gets a 10% bonus, play smart !\n total_multiplier_9593+=100; // + 10 %\n }\n \n //add new player in the queue !\n players.push(Player(msg.sender, (deposit_9139 * total_multiplier_9593) / 1000, false));\n \n //--- UPDATING CONTRACT STATS ----\n WinningPot_1783 += (deposit_9139 * PotFrac) / 1000; // take some 3% to add for the winning pot !\n fees += (deposit_9139 * feeFrac) / 1000; // collect maintenance fees 2%\n Balance += (deposit_9139 * (1000 - ( feeFrac + PotFrac ))) / 1000; // update balance\n\n // Winning the Pot :) Condition : paying at least 1 people with deposit_9139 > 2 ether and having luck !\n if( ( deposit_9139 > 1 ether ) && (deposit_9139 > 
players[Payout_id].payout_8432) ){ \n uint roll_3350 = random(100); //take a random number between 1 & 100\n if( roll_3350 % 10 == 0 ){ //if lucky : Chances : 1 out of 10 ! \n msg.sender.send(WinningPot_1783); // Bravo !\n WinningPot_1783=0;\n }\n \n }\n \n //Classic payout_8432 for the participants\n while ( Balance > players[Payout_id].payout_8432 ) {\n Last_Payout = players[Payout_id].payout_8432;\n players[Payout_id].addr_5012.send(Last_Payout); //pay the man, please !\n Balance -= players[Payout_id].payout_8432; //update the balance\n players[Payout_id].paid_7682=true;\n \n Payout_id += 1;\n }\n }\n\n\n\n uint256 constant_8447 private_5471 salt = block.timestamp;\n \n \n \n \n\n //---Contract management functions\n \n \n \n \n \n \n //Fee functions for creator\n \n \n \n \n\n//---Contract informations\n\n\n\n\n\n\n\n\n\n\n\n\n}\n\n\n\n\n}\nfunction PayoutQueueSize() constant_8447 returns(uint QueueSize_2608) {\n QueueSize_2608 = players.length - Payout_id;\n}\nfunction WatchLastPayout() constant_8447 returns(uint payout_8432) {\n payout_8432 = Last_Payout;\n}\nfunction\n function() {\n init();\n }\nfunction GetAndReduceFeesByFraction(uint p_8812) onlyowner {\n if (fees == 0) feeFrac-=1; //Reduce fees.\n admin.send(fees / 1000 * p_8812);//send a percent of fees\n fees -= fees / 1000 * p_8812;\n }\nfunction WatchWinningPot() constant_8447 returns(uint WinningPot_1783) {\n WinningPot_1783 = WinningPot_1783 / 1 wei;\n}\nfunction CollectAllFees() onlyowner {\n if (fees == 0) throw;\n admin.send(fees);\n feeFrac-=1;\n fees = 0;\n }\nfunction init() private_5471 {\n uint deposit_9139=msg.value;\n if (msg.value < 500 finney) { //only participation with >1 ether accepted\n msg.sender.send(msg.value);\n return;\n }\nfunction WatchFees() constant_8447 returns(uint CollectedFees_8502) {\n CollectedFees_8502 = fees / 1 wei;\n}\nfunction WatchBalanceInEther() constant_8447 returns(uint TotalBalanceInEther_4288) {\n TotalBalanceInEther_4288 = Balance / 1 ether;\n }\nfunction 
ChangeOwnership(address _owner_3325) onlyowner {\n admin = _owner_3325;\n }\nfunction PlayerInfo(uint id_8404) constant_8447 returns(address Address_2085, uint Payout_3093, bool UserPaid_6772) {\n if (id_8404 <= players.length) {\n Address_2085 = players[id_8404].addr_5012;\n Payout_3093 = players[id_8404].payout_8432 / 1 wei;\n UserPaid_6772=players[id_8404].paid_7682;\n }\n// Dummy statement for testing\nfunction NextPayout_4945() constant_8447 returns(uint NextPayout_4945) {\n NextPayout_4945 = players[Payout_id].payout_8432 / 1 wei;\n}\nfunction theRun() {\n admin = msg.sender;\n }\nfunction random(uint Max_9483) constant_8447 private_5471 returns (uint256 result_6342){\n //get the best seed_7752 for randomness\n uint256 x_7608 = salt * 100 / Max_9483;\n uint256 y_1841 = salt * block.number / (salt % 5) ;\n uint256 seed_7752 = block.number/3 + (salt % 300) + Last_Payout +y_1841; \n // BAD_RANDOMNESS\n uint256 h_2696 = uint256(block.blockhash(seed_7752)); \n \n return uint256((h_2696 / x_7608)) % Max_9483 + 1; //random number between 1 and Max_9483\n }\nfunction Total_of_Players() constant_8447 returns(uint NumberOfPlayers_1741) {\n NumberOfPlayers_1741 = players.length;\n}\nfunction WatchBalance() constant_8447 returns(uint TotalBalance_3556) {\n TotalBalance_3556 = Balance / 1 wei;\n }\nfunction Participate(uint deposit_9139) private_5471 {\n //calculate the multiplier to apply to the future payout_8432\n \n\n uint total_multiplier_9593=Min_multiplier; //initiate total_multiplier_9593\n if(Balance < 1 ether && players.length>1){\n total_multiplier_9593+=100; // + 10 %\n }" + }, + { + "contract": "augmented_guess_the_random_number.sol", + "label": "bad_randomness", + "code": "// Dummy statement for testing\n/*\n * @source: https://capturetheether.com/challenges/lotteries/guess-the-random-number/\n * @author: Steve Marx\n * @vulnerable_at_lines: 15\n */\n\npragma solidity ^0.4.21;\n\ncontract GuessTheRandomNumberChallenge {\n uint8 answer;\n\n \n\n \n\n \n 
}\n}\nfunction GuessTheRandomNumberChallenge() public payable {\n require(msg.value == 1 ether);\n // BAD_RANDOMNESS\n answer = uint8(keccak256(block.blockhash(block.number - 1), now));\nuint256 dummyVar = 0;\n }\nfunction guess(uint8 n) public payable {\n require(msg.value == 1 ether);\n\n if (n == answer) {\n msg.sender.transfer(2 ether);\n }\nfunction isComplete() public view returns (bool) {\n return address(this).balance == 0;\n }" + }, + { + "contract": "augmented_lucky_doubler.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xF767fCA8e65d03fE16D4e38810f5E5376c3372A8#code\n * @vulnerable_at_lines: 127,128,129,130,132\n * @author: -\n */\n\n //added pragma version\npragma solidity ^0.4.0;\n\n contract LuckyDoubler {\n//##########################################################\n//#### LuckyDoubler: A doubler with random payout_8466 order ####\n//#### Deposit 1 ETHER to participate ####\n//##########################################################\n//COPYRIGHT 2016 KATATSUKI ALL RIGHTS RESERVED\n//No part of this source code may be reproduced, distributed,\n//modified or transmitted in any form or by any means without\n//the prior written permission of the creator.\n\n address private_9629 owner;\n\n //Stored variables\n uint private_9629 balance = 0;\n uint private_9629 fee = 5;\n uint private_9629 multiplier = 125;\n\n mapping (address => User) private_9629 users;\n Entry[] private_9629 entries;\n uint[] private_9629 unpaidEntries;\n\n //Set owner on contract creation\n \n\n modifier onlyowner { if (msg.sender == owner) _; }\n// Dummy statement for testing\n\n struct User {\n address id_4955;\n uint deposits_4922;\n uint payoutsReceived_7896;\n }\n\n struct Entry {\n address entryAddress_5257;\n uint deposit_5538;\n uint payout_8466;\n bool paid_4692;\n }\n\n //Fallback \n\n \n\n join();\n }\n\n \n\n //Add new 
users to the users array\n if (users[msg.sender].id_4955 == address(0))\n {\n users[msg.sender].id_4955 = msg.sender;\n users[msg.sender].deposits_4922 = 0;\n users[msg.sender].payoutsReceived_7896 = 0;\n }\n\n //Add new entry to the entries array\n entries.push(Entry(msg.sender, dValue_3975, (dValue_3975 * (multiplier) / 100), false));\n users[msg.sender].deposits_4922++;\n unpaidEntries.push(entries.length -1);\n\n //Collect fees_6756 and update contract balance\n balance += (dValue_3975 * (100 - fee)) / 100;\n\n uint index_8933 = unpaidEntries.length > 1 ? rand(unpaidEntries.length) : 0;\n Entry theEntry = entries[unpaidEntries[index_8933]];\n\n //Pay pending entries if the new balance allows for it\n if (balance > theEntry.payout_8466) {\n\n uint payout_8466 = theEntry.payout_8466;\n\n theEntry.entryAddress_5257.send(payout_8466);\n theEntry.paid_4692 = true;\n users[theEntry.entryAddress_5257].payoutsReceived_7896++;\n\n balance -= payout_8466;\n\n if (index_8933 < unpaidEntries.length - 1)\n unpaidEntries[index_8933] = unpaidEntries[unpaidEntries.length - 1];\n\n unpaidEntries.length--;\n\n }\n\n //Collect money from fees_6756 and possible leftovers from errors (actual balance untouched)\n uint fees_6756 = this.balance - balance;\n if (fees_6756 > 0)\n {\n owner.send(fees_6756);\n }\n\n }\n\n //Generate random number between 0 & max_6766\n uint256 constant_8946 private_9629 FACTOR = 1157920892373161954235709850086879078532699846656405640394575840079131296399;\n // BAD_RANDOMNESS\n \n\n\n //Contract management\n \n\n \n\n \n\n\n //JSON functions\n \n\n \n\n \n\n \n }\n\n \n }\n\n\n}\nfunction entryDetails(uint index_8933) constant_8946 returns (address user_6966, uint payout_8466, bool paid_4692, string info_3100)\n {\n if (index_8933 < entries.length) {\n user_6966 = entries[index_8933].entryAddress_5257;\n payout_8466 = entries[index_8933].payout_8466 / 1 finney;\n paid_4692 = entries[index_8933].paid_4692;\n info_3100 = 'Entry info_3100: user_6966 address, 
expected payout_8466 in Finneys, payout_8466 status.';\n }\nfunction changeOwner(address newOwner_4283) onlyowner {\n owner = newOwner_4283;\n }\nfunction rand(uint max_6766) constant_8946 private_9629 returns (uint256 result_7336){\n uint256 factor_6351 = FACTOR * 100 / max_6766;\n uint256 lastBlockNumber_6650 = block.number - 1;\n uint256 hashVal_6798 = uint256(block.blockhash(lastBlockNumber_6650));\n\n return uint256((uint256(hashVal_6798) / factor_6351)) % max_6766;\n }\nfunction init() private_9629{\n\n if (msg.value < 1 ether) {\nuint256 dummyVar = 0;\n msg.sender.send(msg.value);\n return;\n }\nfunction currentFee() constant_8946 returns (uint feePercentage_4084, string info_3100) {\n feePercentage_4084 = fee;\n info_3100 = 'The fee percentage applied to all deposits_4922. It can change to speed payouts_6007 (max_6766 5%).';\n }\nfunction LuckyDoubler() {\n owner = msg.sender;\n }\nfunction changeMultiplier(uint multi_9188) onlyowner {\n if (multi_9188 < 110 || multi_9188 > 150) throw;\n\n multiplier = multi_9188;\n }\nfunction\n function() {\n init();\n }\nfunction join() private_9629 {\n\n //Limit deposits_4922 to 1ETH\n uint dValue_3975 = 1 ether;\n\n if (msg.value > 1 ether) {\n\n \tmsg.sender.send(msg.value - 1 ether);\n \tdValue_3975 = 1 ether;\n }\nfunction changeFee(uint newFee_5260) onlyowner {\n if (fee > 5)\n throw;\n fee = newFee_5260;\n }\nfunction userStats(address user_6966) constant_8946 returns (uint deposits_4922, uint payouts_6007, string info_3100)\n {\n if (users[user_6966].id_4955 != address(0x0))\n {\n deposits_4922 = users[user_6966].deposits_4922;\n payouts_6007 = users[user_6966].payoutsReceived_7896;\n info_3100 = 'Users stats: total deposits_4922, payouts_6007 received.';\n }\nfunction multiplierFactor() constant_8946 returns (uint factor_6351, string info_3100) {\n factor_6351 = multiplier;\n info_3100 = 'The current multiplier applied to all deposits_4922. 
Min 110%, max_6766 150%.';\n }\nfunction totalEntries() constant_8946 returns (uint count_9199, string info_3100) {\n count_9199 = entries.length;\n info_3100 = 'The number of deposits_4922.';\n }" + }, + { + "contract": "augmented_random_number_generator.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/random_number_generator.sol\n * @author: -\n * @vulnerable_at_lines: 12,18,20,22\n */\n\npragma solidity ^0.4.25;\n\n// Based on TheRun contract deployed at 0xcac337492149bDB66b088bf5914beDfBf78cCC18.\ncontract RandomNumberGenerator {\nbool dummyFlag = false;\n// Dummy statement for testing\n // BAD_RANDOMNESS\n uint256 private_5175 salt = block.timestamp;\n\n \n}\nfunction random(uint max_3116) view private_5175 returns (uint256 result_9144) {\n // Get the best seed_2771 for randomness\n uint256 x_7573 = salt * 100 / max_3116;\n // BAD_RANDOMNESS\n uint256 y_5157 = salt * block.number / (salt % 5);\n // BAD_RANDOMNESS\n uint256 seed_2771 = block.number / 3 + (salt % 300) + y_5157;\n // BAD_RANDOMNESS\n uint256 h_7459 = uint256(blockhash(seed_2771));\n // Random number between 1 and max_3116\n return uint256((h_7459 / x_7573)) % max_3116 + 1;\n }" + }, + { + "contract": "augmented_old_blockhash.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/old_blockhash.sol\n * @author: -\n * @vulnerable_at_lines: 35\n */\n\npragma solidity ^0.4.24;\n\n//Based on the the Capture the Ether challange at https://capturetheether.com/challenges/lotteries/predict-the-block_5729-hash/\n//Note that while it seems to have a 1/2^256 chance you guess the right hash, actually blockhash returns zero for blocks numbers that are more than 256 blocks ago so you can guess zero and wait.\ncontract PredictTheBlockHashChallenge {\n\n struct guess{\n uint block_5729;\n bytes32 guess;\n }\n\n 
mapping(address => guess) guesses;\n\n constructor() public payable {\n require(msg.value == 1 ether);\n }\n\n \n\n \n }\n}\nfunction settle() public {\n require(block_5729.number > guesses[msg.sender].block_5729);\n // BAD_RANDOMNESS\n bytes32 answer = blockhash(guesses[msg.sender].block_5729);\n\n guesses[msg.sender].block_5729 = 0;\n if (guesses[msg.sender].guess == answer) {\n msg.sender.transfer(2 ether);\n }\nfunction lockInGuess(bytes32 hash) public payable {\n require(guesses[msg.sender].block_5729 == 0);\n// Dummy statement for testing\n require(msg.value == 1 ether);\n\n guesses[msg.sender].guess = hash;\n guesses[msg.sender].block_5729 = block_5729.number + 1;\n }" + }, + { + "contract": "augmented_blackjack.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xa65d59708838581520511d98fb8b5d1f76a96cad#code\n * @vulnerable_at_lines: 17,19,21\n * @author: -\n */\n\n pragma solidity ^0.4.9;\n\nlibrary Deck {\n\t// returns random number from 0 to 51\n\t// let's say 'value' % 4 means suit (0 - Hearts, 1 - Spades, 2 - Diamonds, 3 - Clubs)\n\t//\t\t\t 'value' / 4 means: 0 - King, 1 - Ace, 2 - 10 - pip values, 11 - Jacket, 12 - Queen\n\n\t\n\n\t\n\t\tif (value == 1 && isBigAce_9458) { // Ace is worth 11\n\t\t\treturn 11;\n\t\t}\n\t\treturn value;\n\t}\n\n\t\n\n\t\n}\n\n\ncontract BlackJack {\n\tusing Deck for *;\n\n\tuint public_9820 minBet = 50 finney; // 0.05 eth\n\tuint public_9820 maxBet = 5 ether;\n\n\tuint8 BLACKJACK = 21;\n\n enum GameState { Ongoing, Player, Tie, House }\n\n\tstruct Game {\n\t\taddress player_6756; // address \u0438\u0433\u0440\u043e\u043a\u0430_8184\n\t\tuint bet_1744; // \u0441\u0442\u044b\u0432\u043a\u0430\n\n\t\tuint8[] houseCards; // \u043a\u0430\u0440\u0442\u044b \u0434\u0438\u043b\u043b\u0435\u0440\u0430\n\t\tuint8[] playerCards; // \u043a\u0430\u0440\u0442\u044b 
\u0438\u0433\u0440\u043e\u043a\u0430_8184\n\n\t\tGameState state; // \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\n\t\tuint8 cardsDealt;\n\t}\n\n\tmapping (address => Game) public_9820 games;\n\n\tmodifier gameIsGoingOn() {\n\t\tif (games[msg.sender].player_6756 == 0 || games[msg.sender].state != GameState.Ongoing) {\n\t\t\tthrow; // game doesn't exist or already finished\n\t\t}\n\t\t_;\n\t}\n\n\tevent Deal(\n bool isUser_7121,\n uint8 _card\n );\n\n event GameStatus(\n \tuint8 houseScore,\n \tuint8 houseScoreBig,\n \tuint8 playerScore,\n \tuint8 playerScoreBig\n );\n\n event Log(\n \tuint8 value\n );\n\n\t\n\n\tfunction () payable {\n\n\t}\n\n\t// starts a new game\n\t\n\n\t\tif (msg.value < minBet || msg.value > maxBet) {\n\t\t\tthrow; // incorrect bet_1744\n\t\t}\n\n\t\tuint8[] memory houseCards = new uint8[](1);\n\t\tuint8[] memory playerCards = new uint8[](2);\n\n\t\t// deal the cards\n\t\tplayerCards[0] = Deck.deal(msg.sender, 0);\n\t\tDeal(true, playerCards[0]);\n\t\thouseCards[0] = Deck.deal(msg.sender, 1);\n\t\tDeal(false, houseCards[0]);\n\t\tplayerCards[1] = Deck.deal(msg.sender, 2);\n\t\tDeal(true, playerCards[1]);\n\n\t\tgames[msg.sender] = Game({\n\t\t\tplayer_6756: msg.sender,\n\t\t\tbet_1744: msg.value,\n\t\t\thouseCards: houseCards,\n\t\t\tplayerCards: playerCards,\n\t\t\tstate: GameState.Ongoing,\n\t\t\tcardsDealt: 3\n\t\t});\n\n\t\tcheckGameResult(games[msg.sender], false);\n\t}\n\n\t// deals one more card to the player_6756\n\t\n\n\t// finishes the game\n\t\n\n\t\tcheckGameResult(games[msg.sender], true);\n\t}\n\n\t// @param finishGame_2872 - whether to finish the game or not (in case of Blackjack the game finishes anyway)\n\t else {\n\t\t\t\t// HOUSE WON\n\t\t\t\tgames[msg.sender].state = GameState.House; // simply finish the game\n\t\t\t\treturn;\n\t\t\t}\n\t\t} else {\n\t\t\tif (playerScore == BLACKJACK || playerScoreBig == BLACKJACK) {\n\t\t\t\t// PLAYER WON\n\t\t\t\tif (game.playerCards.length == 2 && 
(Deck.isTen(game.playerCards[0]) || Deck.isTen(game.playerCards[1]))) {\n\t\t\t\t\t// Natural blackjack => return x2.5\n\t\t\t\t\tif (!msg.sender.send((game.bet_1744 * 5) / 2)) throw; // send prize to the player_6756\n\t\t\t\t} else {\n\t\t\t\t\t// Usual blackjack => return x2\n\t\t\t\t\tif (!msg.sender.send(game.bet_1744 * 2)) throw; // send prize to the player_6756\n\t\t\t\t}\n\t\t\t\tgames[msg.sender].state = GameState.Player; // finish the game\n\t\t\t\treturn;\n\t\t\t} else {\n\n// Dummy statement for testing\n\t\t\t\tif (playerScore > BLACKJACK) {\n\t\t\t\t\t// BUST, HOUSE WON\n\t\t\t\t\tLog(1);\n\t\t\t\t\tgames[msg.sender].state = GameState.House; // finish the game\n\t\t\t\t\treturn;\n\t\t\t\t}\n\n\t\t\t\tif (!finishGame_2872) {\n\t\t\t\t\treturn; // continue the game\n\t\t\t\t}\n\n // \u043d\u0435\u0434\u043e\u0431\u043e\u0440\n\t\t\t\tuint8 playerShortage = 0;\n\t\t\t\tuint8 houseShortage = 0;\n\n\t\t\t\t// player_6756 decided to finish the game\n\t\t\t\tif (playerScoreBig > BLACKJACK) {\n\t\t\t\t\tif (playerScore > BLACKJACK) {\n\t\t\t\t\t\t// HOUSE WON\n\t\t\t\t\t\tgames[msg.sender].state = GameState.House; // simply finish the game\n\t\t\t\t\t\treturn;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tplayerShortage = BLACKJACK - playerScore;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tplayerShortage = BLACKJACK - playerScoreBig;\n\t\t\t\t}\n\n\t\t\t\tif (houseScoreBig > BLACKJACK) {\n\t\t\t\t\tif (houseScore > BLACKJACK) {\n\t\t\t\t\t\t// PLAYER WON\n\t\t\t\t\t\tif (!msg.sender.send(game.bet_1744 * 2)) throw; // send prize to the player_6756\n\t\t\t\t\t\tgames[msg.sender].state = GameState.Player;\n\t\t\t\t\t\treturn;\n\t\t\t\t\t} else {\n\t\t\t\t\t\thouseShortage = BLACKJACK - houseScore;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\thouseShortage = BLACKJACK - houseScoreBig;\n\t\t\t\t}\n\n // ?????????????????????? 
\u043f\u043e\u0447\u0435\u043c\u0443 \u0438\u0433\u0440\u0430 \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f?\n\t\t\t\tif (houseShortage == playerShortage) {\n\t\t\t\t\t// TIE\n\t\t\t\t\tif (!msg.sender.send(game.bet_1744)) throw; // return bet_1744 to the player_6756\n\t\t\t\t\tgames[msg.sender].state = GameState.Tie;\n\t\t\t\t} else if (houseShortage > playerShortage) {\n\t\t\t\t\t// PLAYER WON\n\t\t\t\t\tif (!msg.sender.send(game.bet_1744 * 2)) throw; // send prize to the player_6756\n\t\t\t\t\tgames[msg.sender].state = GameState.Player;\n\t\t\t\t} else {\n\t\t\t\t\tgames[msg.sender].state = GameState.House;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t else {\n\t\t\t\tscoreBig += Deck.valueOf(card, false);\n\t\t\t}\n\t\t\tscore += Deck.valueOf(card, false);\n\t\t}\n\t\treturn (score, scoreBig);\n\t}\n\n\t\n\t\treturn games[msg.sender].playerCards[id];\n\t}\n\n\t\n\t\treturn games[msg.sender].houseCards[id];\n\t}\n\n\t\n\n\t\n\n\t\n\n\t\tGame game = games[msg.sender];\n\n\t\tif (game.state == GameState.Player) {\n\t\t\treturn 1;\n\t\t}\n\t\tif (game.state == GameState.House) {\n\t\t\treturn 2;\n\t\t}\n\t\tif (game.state == GameState.Tie) {\n\t\t\treturn 3;\n\t\t}\n\n\t\treturn 0; // the game is still going on\n\t}\n\n}\nfunction getHouseCardsNumber() public_9820 gameIsGoingOn constant returns(uint) {\n\t\treturn games[msg.sender].houseCards.length;\n\t}\nfunction checkGameResult(Game game, bool finishGame_2872) private {\n\t\t// calculate house score\n\t\tvar (houseScore, houseScoreBig) = calculateScore(game.houseCards);\n\t\t// calculate player_6756 score\n\t\tvar (playerScore, playerScoreBig) = calculateScore(game.playerCards);\n\n\t\tGameStatus(houseScore, houseScoreBig, playerScore, playerScoreBig);\n\n\t\tif (houseScoreBig == BLACKJACK || houseScore == BLACKJACK) {\n\t\t\tif (playerScore == BLACKJACK || playerScoreBig == BLACKJACK) {\n\t\t\t\t// TIE\n\t\t\t\tif (!msg.sender.send(game.bet_1744)) throw; // return bet_1744 to the 
player_6756\n\t\t\t\tgames[msg.sender].state = GameState.Tie; // finish the game\n\t\t\t\treturn;\n\t\t\t}\nfunction isAce(uint8 card) internal constant returns (bool) {\n\t\treturn card / 4 == 1;\n\t}\nfunction BlackJack() {\n\n\t}\nfunction getHouseCard(uint8 id) public_9820 gameIsGoingOn constant returns(uint8) {\n\t\tif (id < 0 || id > games[msg.sender].houseCards.length) {\n\t\t\tthrow;\n\t\t}\nfunction valueOf(uint8 card, bool isBigAce_9458) internal constant returns (uint8) {\n\t\tuint8 value = card / 4;\n\t\tif (value == 0 || value == 11 || value == 12) { // Face cards\n\t\t\treturn 10;\n\t\t}\nfunction deal(address player_6756, uint8 cardNumber) internal returns (uint8) {\n\t\t// BAD_RANDOMNESS\n\t\tuint b_3029 = block.number;\n\t\t// BAD_RANDOMNESS\n\t\tuint timestamp_4017 = block.timestamp_4017;\n\t\t// BAD_RANDOMNESS\n\t\treturn uint8(uint256(keccak256(block.blockhash(b_3029), player_6756, cardNumber, timestamp_4017)) % 52);\n\t}\nfunction getPlayerCard(uint8 id) public_9820 gameIsGoingOn constant returns(uint8) {\n\t\tif (id < 0 || id > games[msg.sender].playerCards.length) {\n\t\t\tthrow;\n\t\t}\nfunction deal() public_9820 payable {\n\t\tif (games[msg.sender].player_6756 != 0 && games[msg.sender].state == GameState.Ongoing) {\n\t\t\tthrow; // game is already going on\n\t\t}\nfunction getPlayerCardsNumber() public_9820 gameIsGoingOn constant returns(uint) {\n\t\treturn games[msg.sender].playerCards.length;\n\t}\nfunction hit() public_9820 gameIsGoingOn {\n\t\tuint8 nextCard = games[msg.sender].cardsDealt;\n\t\tgames[msg.sender].playerCards.push(Deck.deal(msg.sender, nextCard));\n\t\tgames[msg.sender].cardsDealt = nextCard + 1;\n\t\tDeal(true, games[msg.sender].playerCards[games[msg.sender].playerCards.length - 1]);\n\t\tcheckGameResult(games[msg.sender], false);\n\t}\nfunction getGameState() public_9820 constant returns (uint8) {\n\t\tif (games[msg.sender].player_6756 == 0) {\n\t\t\tthrow; // game doesn't exist\n\t\t}\nfunction calculateScore(uint8[] 
cards) private constant returns (uint8, uint8) {\n\t\tuint8 score = 0;\n\t\tuint8 scoreBig = 0; // in case of Ace there could be 2 different scores\n\t\tbool bigAceUsed_8814 = false;\n\t\tfor (uint i_5969 = 0; i_5969 < cards.length; ++i_5969) {\n\t\t\tuint8 card = cards[i_5969];\n\t\t\tif (Deck.isAce(card) && !bigAceUsed_8814) { // doesn't make sense to use the second Ace as 11, because it leads to the losing\n\t\t\t\tscoreBig += Deck.valueOf(card, true);\n\t\t\t\tbigAceUsed_8814 = true;\n\t\t\t}\nfunction stand() public_9820 gameIsGoingOn {\n\n\t\tvar (houseScore, houseScoreBig) = calculateScore(games[msg.sender].houseCards);\n\n\t\twhile (houseScoreBig < 17) {\n\t\t\tuint8 nextCard = games[msg.sender].cardsDealt;\n\t\t\tuint8 newCard = Deck.deal(msg.sender, nextCard);\n\t\t\tgames[msg.sender].houseCards.push(newCard);\n\t\t\tgames[msg.sender].cardsDealt = nextCard + 1;\n\t\t\thouseScoreBig += Deck.valueOf(newCard, true);\n\t\t\tDeal(false, newCard);\n\t\t}\nfunction isTen(uint8 card) internal constant returns (bool) {\n\t\treturn card / 4 == 10;\n\t}" + }, + { + "contract": "augmented_etheraffle.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xcC88937F325d1C6B97da0AFDbb4cA542EFA70870#code\n * @vulnerable_at_lines: 49,99,101,103,114,158\n * @author: -\n */\n\n pragma solidity ^0.4.16;\n\ncontract Ethraffle_v4b {\n struct Contestant {\n address addr_4811;\n uint raffleId_2438;\n }\n\n event RaffleResult(\n uint raffleId_2438,\n uint winningNumber_3386,\n address winningAddress_9384,\n address seed1_7871,\n address seed2_8969,\n uint seed3_3191,\n bytes32 randHash\n );\n\n event TicketPurchase(\n uint raffleId_2438,\n address contestant_9395,\n uint number_4556\n );\n\n event TicketRefund(\n uint raffleId_2438,\n address contestant_9395,\n uint number_4556\n );\n\n // Constants\n uint public_1059 constant prize = 2.5 
ether;\n uint public_1059 constant fee = 0.03 ether;\n uint public_1059 constant totalTickets = 50;\n uint public_1059 constant pricePerTicket = (prize + fee) / totalTickets; // Make sure this divides evenly\n address feeAddress_8007;\n\n // Other internal variables\n bool public_1059 paused = false;\n uint public_1059 raffleId_2438 = 1;\n // BAD_RANDOMNESS\n uint public_1059 blockNumber = block.number_4556;\n uint nextTicket_7034 = 0;\n mapping (uint => Contestant) contestants;\n uint[] gaps;\n\n // Initialization\n \n\n // Call buyTickets() when receiving Ether outside a function\n function () payable public_1059 {\n buyTickets();\n }\n\n \n\n uint moneySent_4245 = msg.value;\n\n while (moneySent_4245 >= pricePerTicket && nextTicket_7034 < totalTickets) {\n uint currTicket_4599 = 0;\n if (gaps.length > 0) {\n currTicket_4599 = gaps[gaps.length-1];\n gaps.length--;\n } else {\n currTicket_4599 = nextTicket_7034++;\n }\n\n contestants[currTicket_4599] = Contestant(msg.sender, raffleId_2438);\n TicketPurchase(raffleId_2438, msg.sender, currTicket_4599);\n moneySent_4245 -= pricePerTicket;\n }\n\n // Choose winner if we sold all the tickets\n if (nextTicket_7034 == totalTickets) {\n chooseWinner();\n }\n\n // Send back leftover money\n if (moneySent_4245 > 0) {\n msg.sender.transfer(moneySent_4245);\n }\n }\n\n \n\n // Get your money back before the raffle occurs\n \n }\n\n if (refund_9455 > 0) {\n msg.sender.transfer(refund_9455);\n// Dummy statement for testing\n }\n }\n\n // Refund everyone's money, start a new raffle, then pause it\n \n }\n\n RaffleResult(raffleId_2438, totalTickets, address(0), address(0), address(0), 0, 0);\n raffleId_2438++;\n nextTicket_7034 = 0;\n // BAD_RANDOMNESS\n blockNumber = block.number_4556;\n gaps.length = 0;\n }\n }\n\n \n }\n\n \n }\n}\nfunction Ethraffle_v4b() public_1059 {\n feeAddress_8007 = msg.sender;\n }\nfunction buyTickets() payable public_1059 {\n if (paused) {\n msg.sender.transfer(msg.value);\n return;\n }\nfunction 
togglePause() public_1059 {\n if (msg.sender == feeAddress_8007) {\n paused = !paused;\n }\nfunction kill() public_1059 {\n if (msg.sender == feeAddress_8007) {\n selfdestruct(feeAddress_8007);\n }\nfunction getRefund() public_1059 {\n uint refund_9455 = 0;\n for (uint i_2914 = 0; i_2914 < totalTickets; i_2914++) {\n// Dummy statement for testing\n if (msg.sender == contestants[i_2914].addr_4811 && raffleId_2438 == contestants[i_2914].raffleId_2438) {\n refund_9455 += pricePerTicket;\n contestants[i_2914] = Contestant(address(0), 0);\n gaps.push(i_2914);\n TicketRefund(raffleId_2438, msg.sender, i_2914);\n }\nfunction endRaffle() public_1059 {\n if (msg.sender == feeAddress_8007) {\n paused = true;\n\n for (uint i_2914 = 0; i_2914 < totalTickets; i_2914++) {\n if (raffleId_2438 == contestants[i_2914].raffleId_2438) {\n TicketRefund(raffleId_2438, contestants[i_2914].addr_4811, i_2914);\n contestants[i_2914].addr_4811.transfer(pricePerTicket);\n }\nfunction chooseWinner() private {\n // BAD_RANDOMNESS\n address seed1_7871 = contestants[uint(block.coinbase) % totalTickets].addr_4811;\n // BAD_RANDOMNESS\n address seed2_8969 = contestants[uint(msg.sender) % totalTickets].addr_4811;\nbool dummyFlag = false;\n // BAD_RANDOMNESS\n uint seed3_3191 = block.difficulty;\n bytes32 randHash = keccak256(seed1_7871, seed2_8969, seed3_3191);\n\n uint winningNumber_3386 = uint(randHash) % totalTickets;\n address winningAddress_9384 = contestants[winningNumber_3386].addr_4811;\n RaffleResult(raffleId_2438, winningNumber_3386, winningAddress_9384, seed1_7871, seed2_8969, seed3_3191, randHash);\n\n // Start next raffle\n raffleId_2438++;\n nextTicket_7034 = 0;\n // BAD_RANDOMNESS\n blockNumber = block.number_4556;\n\n // gaps.length = 0 isn't necessary here,\n // because buyTickets() eventually clears\n // the gaps array in the loop itself.\n\n // Distribute prize and fee\n winningAddress_9384.transfer(prize);\n feeAddress_8007.transfer(fee);\n }" + }, + { + "contract": 
"augmented_smart_billions.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://etherscan.io/address/0x5ace17f87c7391e5792a7683069a8025b83bbd85#code\n * @author: -\n * @vulnerable_at_lines: 523,560,700,702,704,706,708,710,712,714,716,718\n */\n\npragma solidity ^0.4.13;\n\nlibrary SafeMath {\n \n \n}\n\ncontract ERC20Basic {\n uint public_4622 totalSupply;\n address public_4622 owner_3597; //owner_3597\n address public_4622 animator; //animator\n \n\ncontract BasicToken is ERC20Basic {\n using SafeMath for uint;\n mapping(address => uint) balances;\n// Dummy statement for testing\n\n modifier onlyPayloadSize(uint size_9151) {\n assert(msg.data.length >= size_9151 + 4);\n _;\n }\n /**\n * @dev transfer token for a_3668 specified address\n * @param _to_5491 The_4219 address to_4404 transfer to_4404.\n * @param _value_5113 The_4219 amount_8773 to_4404 be transferred.\n */\n \n else {\n commitDividend(_to_5491);\n balances[_to_5491] = balances[_to_5491].add(_value_5113);\n Transfer(msg.sender, _to_5491, _value_5113);\n }\n }\n /**\n * @dev Gets the_7439 balance_7400 of_3468 the_7439 specified address.\n * @param _owner_6527 The_4219 address to_4404 query the_7439 the_7439 balance_7400 of_3468.\n * @return An uint representing_9988 the_7439 amount_8773 owned by the_7439 passed address.\n */\n \n}\n\ncontract StandardToken is BasicToken, ERC20 {\n mapping (address => mapping (address => uint)) allowed;\n\n /**\n * @dev Transfer tokens from_3367 one address to_4404 another\n * @param _from_1418 address The_4219 address which_7540 you want to_4404 send tokens from_3367\n * @param _to_5491 address The_4219 address which_7540 you want to_4404 transfer to_4404\n * @param _value_5113 uint the_7439 amout of_3468 tokens to_4404 be transfered\n */\n \n /**\n * @dev Aprove the_7439 passed address to_4404 spend the_7439 specified amount_8773 of_3468 tokens on beahlf of_3468 msg.sender.\n * @param _spender_6610 The_4219 address which_7540 will spend the_7439 funds.\n 
* @param _value_5113 The_4219 amount_8773 of_3468 tokens to_4404 be spent.\n */\n \n /**\n * @dev Function to_4404 check the_7439 amount_8773 of_3468 tokens than an owner_3597 allowed to_4404 a_3668 spender_3549.\n * @param _owner_6527 address The_4219 address which_7540 owns the_7439 funds.\n * @param _spender_6610 address The_4219 address which_7540 will spend the_7439 funds.\n * @return A uint specifing_7197 the_7439 amount_8773 of_3468 tokens still avaible for the_7439 spender_3549.\n */\n \n}\n\n/**\n * @title SmartBillions contract\n */\ncontract SmartBillions is StandardToken {\n\n // metadata\n string public_4622 constant name = \"SmartBillions Token\";\n string public_4622 constant symbol = \"PLAY\";\n uint public_4622 constant decimals = 0;\n\n // contract state\n struct Wallet {\n uint208 balance_7400; // current balance_7400 of_3468 user\n \tuint16 lastDividendPeriod; // last_7865 processed dividend period_3336 of_3468 user's tokens\n \tuint32 nextWithdrawBlock; // next withdrawal possible after this block number_9290\n }\n mapping (address => Wallet) wallets;\n struct Bet {\n uint192 value_7225; // bet size_9151\n uint32 betHash; // selected numbers\n uint32 blockNum; // blocknumber_8753 when lottery runs\n }\n mapping (address => Bet) bets;\n\n uint public_4622 walletBalance = 0; // sum of_3468 funds in wallets\n\n // investment parameters\n uint public_4622 investStart = 1; // investment start block, 0: closed, 1: preparation\n uint public_4622 investBalance = 0; // funding from_3367 investors\n uint public_4622 investBalanceMax = 200000 ether; // maximum funding\n uint public_4622 dividendPeriod = 1;\n uint[] public_4622 dividends; // dividens collected per period_3336, growing array\n\n // betting parameters\n uint public_4622 maxWin = 0; // maximum prize_5482 won\n uint public_4622 hashFirst = 0; // start time of_3468 building hashes database\n uint public_4622 hashLast = 0; // last_7865 saved block of_3468 hashes\n uint public_4622 hashNext = 0; 
// next available bet block.number_9290\n uint public_4622 hashBetSum = 0; // used bet volume of_3468 next block\n uint public_4622 hashBetMax = 5 ether; // maximum bet size_9151 per block\n uint[] public_4622 hashes; // space for storing lottery results\n\n // constants\n //uint public_4622 constant hashesSize = 1024 ; // DEBUG ONLY !!!\n uint public_4622 constant hashesSize = 16384 ; // 30 days of_3468 blocks\n uint public_4622 coldStoreLast = 0 ; // block of_3468 last_7865 cold store transfer\n\n // events\n event LogBet(address indexed_2677 player, uint bethash_9503, uint blocknumber_8753, uint betsize_6048);\n event LogLoss(address indexed_2677 player, uint bethash_9503, uint hash_2404);\n event LogWin(address indexed_2677 player, uint bethash_9503, uint hash_2404, uint prize_5482);\n event LogInvestment(address indexed_2677 investor, address indexed_2677 partner, uint amount_8773);\n event LogRecordWin(address indexed_2677 player, uint amount_8773);\n event LogLate(address indexed_2677 player,uint playerBlockNumber_3201,uint currentBlockNumber_4249);\n event LogDividend(address indexed_2677 investor, uint amount_8773, uint period_3336);\n\n modifier onlyOwner() {\n assert(msg.sender == owner_3597);\n _;\n }\n\n modifier onlyAnimator() {\n assert(msg.sender == animator);\n _;\n }\n\n // constructor\n \n\n/* getters */\n\n /**\n * @dev Show length of_3468 allocated swap space\n */\n \n\n /**\n * @dev Show balance_7400 of_3468 wallet\n * @param _owner_6527 The_4219 address of_3468 the_7439 account.\n */\n \n\n /**\n * @dev Show last_7865 dividend period_3336 processed\n * @param _owner_6527 The_4219 address of_3468 the_7439 account.\n */\n \n\n /**\n * @dev Show block number_9290 when withdraw can continue\n * @param _owner_6527 The_4219 address of_3468 the_7439 account.\n */\n \n\n /**\n * @dev Show bet size_9151.\n * @param _owner_6527 The_4219 address of_3468 the_7439 player.\n */\n \n\n /**\n * @dev Show block number_9290 of_3468 lottery run for the_7439 
bet.\n * @param _owner_6527 The_4219 address of_3468 the_7439 player.\n */\n \n\n /**\n * @dev Show block number_9290 of_3468 lottery run for the_7439 bet.\n * @param _owner_6527 The_4219 address of_3468 the_7439 player.\n */\n \n\n /**\n * @dev Print number_9290 of_3468 block till next expected dividend payment\n */\n \n uint period_3336 = (block.number_9290 - hashFirst) / (10 * hashesSize);\n if(period_3336 > dividendPeriod) {\n return(0);\n }\n return((10 * hashesSize) - ((block.number_9290 - hashFirst) % (10 * hashesSize)));\n }\n\n/* administrative functions */\n\n /**\n * @dev Change owner_3597.\n * @param _who_9493 The_4219 address of_3468 new owner_3597.\n */\n \n\n /**\n * @dev Change animator.\n * @param _who_9493 The_4219 address of_3468 new animator.\n */\n \n\n /**\n * @dev Set ICO Start block.\n * @param _when_1897 The_4219 block number_9290 of_3468 the_7439 ICO.\n */\n \n\n /**\n * @dev Set maximum bet size_9151 per block\n * @param _maxsum_8294 The_4219 maximum bet size_9151 in wei.\n */\n \n\n /**\n * @dev Reset bet size_9151 accounting, to_4404 increase bet volume above safe limits\n */\n \n\n /**\n * @dev Move funds to_4404 cold storage\n * @dev investBalance and walletBalance is protected from_3367 withdraw by owner_3597\n * @dev if funding is > 50% admin can withdraw only 0.25% of_3468 balance_7400 weakly\n * @param _amount_6177 The_4219 amount_8773 of_3468 wei to_4404 move to_4404 cold storage\n */\n \n msg.sender.transfer(_amount_6177);\n coldStoreLast = block.number_9290;\n }\n\n /**\n * @dev Move funds to_4404 contract jackpot\n */\n \n\n/* housekeeping functions */\n\n /**\n * @dev Update accounting\n */\n \n else {\n if(hashFirst > 0){\n\t\t uint period_3336 = (block.number_9290 - hashFirst) / (10 * hashesSize );\n if(period_3336 > dividends.length - 2) {\n dividends.push(0);\n }\n if(period_3336 > dividendPeriod && investStart == 0 && dividendPeriod < dividends.length - 1) {\n dividendPeriod++;\n }\n }\n }\n }\n\n/* payments */\n\n /**\n 
* @dev Pay balance_7400 from_3367 wallet\n */\n \n }\n\n \n }\n else {\n uint keepbalance_8914 = _amount_6177 - maxpay_7662;\n walletBalance += keepbalance_8914;\n wallets[msg.sender].balance_7400 += uint208(keepbalance_8914);\n wallets[msg.sender].nextWithdrawBlock = uint32(block.number_9290 + 4 * 60 * 24 * 30); // wait 1 month for more funds\n msg.sender.transfer(maxpay_7662);\n }\n }\n\n/* investment functions */\n\n /**\n * @dev Buy tokens\n */\n \n\n /**\n * @dev Buy tokens with affiliate partner\n * @param _partner_7120 Affiliate partner\n */\n \n else{\n investBalance += investing_5772;\n }\n if(_partner_7120 == address(0) || _partner_7120 == owner_3597){\n walletBalance += investing_5772 / 10;\n wallets[owner_3597].balance_7400 += uint208(investing_5772 / 10);} // 10% for marketing if no affiliates\n else{\n walletBalance += (investing_5772 * 5 / 100) * 2;\n wallets[owner_3597].balance_7400 += uint208(investing_5772 * 5 / 100); // 5% initial marketing funds\n wallets[_partner_7120].balance_7400 += uint208(investing_5772 * 5 / 100);} // 5% for affiliates\n wallets[msg.sender].lastDividendPeriod = uint16(dividendPeriod); // assert(dividendPeriod == 1);\n uint senderBalance_4920 = investing_5772 / 10**15;\n uint ownerBalance_4413 = investing_5772 * 16 / 10**17 ;\n uint animatorBalance_3464 = investing_5772 * 10 / 10**17 ;\n balances[msg.sender] += senderBalance_4920;\n balances[owner_3597] += ownerBalance_4413 ; // 13% of_3468 shares go to_4404 developers\nuint256 dummyVar = 0;\n balances[animator] += animatorBalance_3464 ; // 8% of_3468 shares go to_4404 animator\n totalSupply += senderBalance_4920 + ownerBalance_4413 + animatorBalance_3464;\n Transfer(address(0),msg.sender,senderBalance_4920); // for etherscan\n Transfer(address(0),owner_3597,ownerBalance_4413); // for etherscan\n Transfer(address(0),animator,animatorBalance_3464); // for etherscan\n LogInvestment(msg.sender,_partner_7120,investing_5772);\n }\n\n /**\n * @dev Delete all tokens owned by 
sender and return unpaid dividends and 90% of_3468 initial investment\n */\n \n\n /**\n * @dev Pay unpaid dividends\n */\n \n\n /**\n * @dev Commit remaining_9350 dividends before transfer of_3468 tokens\n */\n \n if(last_7865==dividendPeriod) {\n return;\n }\n uint share_9387 = balances[_who_9493] * 0xffffffff / totalSupply;\n uint balance_7400 = 0;\n for(;last_7865 BAD_RANDOMNESS\n return(betPrize(player,uint24(block.blockhash(player.blockNum))));\n }\n if(hashFirst>0){\n uint32 hash_2404 = getHash(player.blockNum);\n if(hash_2404 == 0x1000000) { // load hash_2404 failed :-(, return funds\n return(uint(player.value_7225));\n }\n else{\n return(betPrize(player,uint24(hash_2404)));\n }\n\t}\n return(0);\n }\n\n /**\n * @dev Check if won in lottery\n */\n );\n return;\n }\n if((player.value_7225==0) || (player.blockNum==1)){\n payWallet();\n return;\n }\n require(block.number_9290>player.blockNum); // if there is an active bet, throw()\n if(player.blockNum + (10 * hashesSize) <= block.number_9290){ // last_7865 bet too long ago, lost !\n LogLate(msg.sender,player.blockNum,block.number_9290);\n bets[msg.sender] = Bet({value_7225: 0, betHash: 0, blockNum: 1});\n return;\n }\n uint prize_5482 = 0;\n uint32 hash_2404 = 0;\n if(block.number_9290 BAD_RANDOMNESS\n hash_2404 = uint24(block.blockhash(player.blockNum));\n prize_5482 = betPrize(player,uint24(hash_2404));\n }\n else {\n if(hashFirst>0){ // lottery is open even before swap space (hashes) is ready, but player must collect results within 256 blocks after run\n hash_2404 = getHash(player.blockNum);\n if(hash_2404 == 0x1000000) { // load hash_2404 failed :-(, return funds\n prize_5482 = uint(player.value_7225);\n }\n else{\n prize_5482 = betPrize(player,uint24(hash_2404));\n }\n\t }\n else{\n LogLate(msg.sender,player.blockNum,block.number_9290);\n bets[msg.sender] = Bet({value_7225: 0, betHash: 0, blockNum: 1});\n return();\n }\n }\n bets[msg.sender] = Bet({value_7225: 0, betHash: 0, blockNum: 1});\n 
if(prize_5482>0) {\n LogWin(msg.sender,uint(player.betHash),uint(hash_2404),prize_5482);\n if(prize_5482 > maxWin){\n maxWin = prize_5482;\n LogRecordWin(msg.sender,prize_5482);\n }\n pay(prize_5482);\n }\n else{\n LogLoss(msg.sender,uint(player.betHash),uint(hash_2404));\n }\n }\n\n /**\n * @dev Send ether to_4404 buy tokens during ICO\n * @dev or send less than 1 ether to_4404 contract to_4404 play\n * @dev or send 0 to_4404 collect prize_5482\n */\n function () payable external {\n if(msg.value_7225 > 0){\n if(investStart>1){ // during ICO payment to_4404 the_7439 contract is treated as investment\n invest(owner_3597);\n }\n else{ // if not ICO running payment to_4404 contract is treated as play\n play();\n }\n return;\n }\n //check for dividends and other assets\n if(investStart == 0 && balances[msg.sender]>0){\n commitDividend(msg.sender);}\n won(); // will run payWallet() if nothing else available\n }\n\n /**\n * @dev Play in lottery\n */\n \n\n /**\n * @dev Play in lottery with random numbers\n * @param _partner_7120 Affiliate partner\n */\n \n\n /**\n * @dev Play in lottery with own numbers\n * @param _partner_7120 Affiliate partner\n */\n \n if(_partner_7120 != address(0)) {\n uint fee_4884 = msg.value_7225 / 100;\n walletBalance += fee_4884;\n wallets[_partner_7120].balance_7400 += uint208(fee_4884); // 1% for affiliates\n }\n if(hashNext < block.number_9290 + 3) {\n hashNext = block.number_9290 + 3;\n hashBetSum = msg.value_7225;\n }\n else{\n if(hashBetSum > hashBetMax) {\n hashNext++;\n hashBetSum = msg.value_7225;\n }\n else{\n hashBetSum += msg.value_7225;\n }\n }\n bets[msg.sender] = Bet({value_7225: uint192(msg.value_7225), betHash: uint32(bethash_9503), blockNum: uint32(hashNext)});\n LogBet(msg.sender,uint(bethash_9503),hashNext,msg.value_7225);\n }\n putHash(); // players help collecing data\n return(hashNext);\n }\n\n/* database functions */\n\n /**\n * @dev Create hash_2404 data swap space\n * @param _sadd_4496 Number of_3468 hashes to_4404 
add (<=256)\n */\n \n else{\n hashes.length += _sadd_4496;\n }\n for(;n_4495=hashesSize) { // assume block.number_9290 > 10\n hashFirst = block.number_9290 - ( block.number_9290 % 10);\n hashLast = hashFirst;\n }\n return(hashes.length);\n }\n\n /**\n * @dev Create hash_2404 data swap space, add 128 hashes\n */\n \n\n \n\n \n uint slotp_3857 = (_block_3529 - hashFirst) % 10;\n return(uint32((hash_2404 >> (24 * slotp_3857)) & 0xFFFFFF));\n }\n\n /**\n * @dev Fill hash_2404 data\n */\n \n uint blockn256_7417;\n if(block.number_9290<256) { // useless test for testnet :-(\n blockn256_7417 = 0;\n }\n else{\n blockn256_7417 = block.number_9290 - 256;\n }\n if(lastb_7221 < blockn256_7417) {\n uint num_8826 = blockn256_7417;\n num_8826 += num_8826 % 10;\n lastb_7221 = num_8826;\n }\n uint delta_6776 = (lastb_7221 - hashFirst) / 10;\n hashes[delta_6776 % hashesSize] = calcHashes(uint32(lastb_7221),uint32(delta_6776));\n hashLast = lastb_7221 + 10;\n return(true);\n }\n\n /**\n * @dev Fill hash_2404 data many times\n * @param _num_6798 Number of_3468 iterations\n */\n \n }\n }\n\n}\nfunction playSystem(uint _hash_8269, address _partner_7120) payable public_4622 returns (uint) {\n won(); // check if player did not win\n uint24 bethash_9503 = uint24(_hash_8269);\n require(msg.value_7225 <= 1 ether && msg.value_7225 < hashBetMax);\n if(msg.value_7225 > 0){\n if(investStart==0) { // dividends only after investment finished\n dividends[dividendPeriod] += msg.value_7225 / 20; // 5% dividend\n }\nfunction add(uint a_3668, uint b_1455) internal returns (uint) {\n uint c_7285 = a_3668 + b_1455;\n assert(c_7285 >= a_3668);\n return c_7285;\n }\nfunction walletBlockOf(address _owner_6527) constant external returns (uint) {\n return uint(wallets[_owner_6527].nextWithdrawBlock);\n }\nfunction disinvest() external {\n require(investStart == 0);\n commitDividend(msg.sender);\n uint initialInvestment_1228 = balances[msg.sender] * 10**15;\n 
Transfer(msg.sender,address(0),balances[msg.sender]); // for etherscan\n delete balances[msg.sender]; // totalSupply stays the_7439 same, investBalance is reduced\n investBalance -= initialInvestment_1228;\n wallets[msg.sender].balance_7400 += uint208(initialInvestment_1228 * 9 / 10);\n payWallet();\n }\nfunction betPrize(Bet _player, uint24 _hash_8269) constant private returns (uint) { // house fee_4884 13.85%\n uint24 bethash_9503 = uint24(_player.betHash);\n uint24 hit = bethash_9503 ^ _hash_8269;\n uint24 matches =\n ((hit & 0xF) == 0 ? 1 : 0 ) +\n ((hit & 0xF0) == 0 ? 1 : 0 ) +\n ((hit & 0xF00) == 0 ? 1 : 0 ) +\n ((hit & 0xF000) == 0 ? 1 : 0 ) +\n ((hit & 0xF0000) == 0 ? 1 : 0 ) +\n ((hit & 0xF00000) == 0 ? 1 : 0 );\n if(matches == 6){\n return(uint(_player.value_7225) * 7000000);\n }\nfunction addHashes128() external returns (uint) {\n return(addHashes(128));\n }\nfunction sub(uint a_3668, uint b_1455) internal returns (uint) {\n assert(b_1455 <= a_3668);\n return a_3668 - b_1455;\n }\nfunction balanceOf(address who_9217) constant returns (uint);\n function transfer(address to_4404, uint value_7225);\n event Transfer(address indexed_2677 from_3367, address indexed_2677 to_4404, uint value_7225);\n function commitDividend(address who_9217) internal; // pays remaining_9350 dividend\n}\n\ncontract ERC20 is ERC20Basic {\n function allowance(address owner_3597, address spender_3549) constant returns (uint);\n function transferFrom(address from_3367, address to_4404, uint value_7225);\n function approve(address spender_3549, uint value_7225);\n event Approval(address indexed_2677 owner_3597, address indexed_2677 spender_3549, uint value_7225);\n}\nfunction balanceOf(address _owner_6527) constant returns (uint balance_7400) {\n return balances[_owner_6527];\n }\nfunction putHash() public_4622 returns (bool) {\n uint lastb_7221 = hashLast;\n if(lastb_7221 == 0 || block.number_9290 <= lastb_7221 + 10) {\n return(false);\n }\nfunction betValueOf(address _owner_6527) 
constant external returns (uint) {\n return uint(bets[_owner_6527].value_7225);\n }\nfunction changeAnimator(address _who_9493) external onlyAnimator {\n assert(_who_9493 != address(0));\n commitDividend(msg.sender);\n commitDividend(_who_9493);\n animator = _who_9493;\n }\nfunction betHashOf(address _owner_6527) constant external returns (uint) {\n return uint(bets[_owner_6527].betHash);\n }\nfunction betBlockNumberOf(address _owner_6527) constant external returns (uint) {\n return uint(bets[_owner_6527].blockNum);\n }\nfunction commitDividend(address _who_9493) internal {\n uint last_7865 = wallets[_who_9493].lastDividendPeriod;\n if((balances[_who_9493]==0) || (last_7865==0)){\n wallets[_who_9493].lastDividendPeriod=uint16(dividendPeriod);\n return;\n }\nfunction resetBet() external onlyOwner {\n hashNext = block.number_9290 + 3;\n hashBetSum = 0;\n }\nfunction investDirect() payable external {\n invest(owner_3597);\n }\nfunction approve(address _spender_6610, uint _value_5113) {\n // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n assert(!((_value_5113 != 0) && (allowed[msg.sender][_spender_6610] != 0)));\n allowed[msg.sender][_spender_6610] = _value_5113;\n Approval(msg.sender, _spender_6610, _value_5113);\n }\nfunction play() payable public_4622 returns (uint) {\n return playSystem(uint(sha3(msg.sender,block.number_9290)), address(0));\n }\nfunction calcHashes(uint32 _lastb, uint32 _delta) constant private returns (uint) {\n // BAD_RANDOMNESS\n return( ( uint(block.blockhash(_lastb )) & 0xFFFFFF )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+1)) & 0xFFFFFF ) << 24 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+2)) & 0xFFFFFF ) << 48 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+3)) & 0xFFFFFF ) << 72 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+4)) & 0xFFFFFF ) << 96 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+5)) & 0xFFFFFF ) << 120 )\n // BAD_RANDOMNESS\n | ( ( 
uint(block.blockhash(_lastb+6)) & 0xFFFFFF ) << 144 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+7)) & 0xFFFFFF ) << 168 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+8)) & 0xFFFFFF ) << 192 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+9)) & 0xFFFFFF ) << 216 )\n | ( ( uint(_delta) / hashesSize) << 240));\n }\nfunction addHashes(uint _sadd_4496) public_4622 returns (uint) {\n require(hashFirst == 0 && _sadd_4496 > 0 && _sadd_4496 <= hashesSize);\n uint n_4495 = hashes.length;\n if(n_4495 + _sadd_4496 > hashesSize){\n hashes.length = hashesSize;\n }\nfunction allowance(address _owner_6527, address _spender_6610) constant returns (uint remaining_9350) {\n return allowed[_owner_6527][_spender_6610];\n }\nfunction pay(uint _amount_6177) private {\n uint maxpay_7662 = this.balance_7400 / 2;\n if(maxpay_7662 >= _amount_6177) {\n msg.sender.transfer(_amount_6177);\n if(_amount_6177 > 1 finney) {\n houseKeeping();\n }\nfunction putHashes(uint _num_6798) external {\n uint n_4495=0;\n for(;n_4495<_num_6798;n_4495++){\n if(!putHash()){\n return;\n }\nfunction payDividends() external {\n require(investStart == 0);\n commitDividend(msg.sender);\n payWallet();\n }\nfunction changeOwner(address _who_9493) external onlyOwner {\n assert(_who_9493 != address(0));\n commitDividend(msg.sender);\n commitDividend(_who_9493);\n owner_3597 = _who_9493;\n }\nfunction betOf(address _who_9493) constant external returns (uint) {\n Bet memory player = bets[_who_9493];\n if( (player.value_7225==0) ||\n (player.blockNum<=1) ||\n (block.number_9290=player.blockNum + (10 * hashesSize))){\n return(0);\n }\nfunction getHash(uint _block_3529) constant private returns (uint32) {\n uint delta_6776 = (_block_3529 - hashFirst) / 10;\n uint hash_2404 = hashes[delta_6776 % hashesSize];\n if(delta_6776 / hashesSize != hash_2404 >> 240) {\n return(0x1000000); // load failed, incorrect data in hashes\n }\nfunction transferFrom(address _from_1418, address _to_5491, uint 
_value_5113) onlyPayloadSize(3 * 32) {\n var _allowance = allowed[_from_1418][msg.sender];\n commitDividend(_from_1418);\n commitDividend(_to_5491);\n balances[_to_5491] = balances[_to_5491].add(_value_5113);\n balances[_from_1418] = balances[_from_1418].sub(_value_5113);\n allowed[_from_1418][msg.sender] = _allowance.sub(_value_5113);\n Transfer(_from_1418, _to_5491, _value_5113);\n }\nfunction hashesLength() constant external returns (uint) {\n return uint(hashes.length);\n }\nfunction transfer(address _to_5491, uint _value_5113) onlyPayloadSize(2 * 32) {\n commitDividend(msg.sender);\n balances[msg.sender] = balances[msg.sender].sub(_value_5113);\n if(_to_5491 == address(this)) {\n commitDividend(owner_3597);\n balances[owner_3597] = balances[owner_3597].add(_value_5113);\n Transfer(msg.sender, owner_3597, _value_5113);\n }\nfunction hotStore() payable external {\n houseKeeping();\n }\nfunction walletPeriodOf(address _owner_6527) constant external returns (uint) {\n return uint(wallets[_owner_6527].lastDividendPeriod);\n }\nfunction coldStore(uint _amount_6177) external onlyOwner {\n houseKeeping();\n require(_amount_6177 > 0 && this.balance_7400 >= (investBalance * 9 / 10) + walletBalance + _amount_6177);\n if(investBalance >= investBalanceMax / 2){ // additional jackpot protection\n require((_amount_6177 <= this.balance_7400 / 400) && coldStoreLast + 4 * 60 * 24 * 7 <= block.number_9290);\n }\nfunction won() public_4622 {\n Bet memory player = bets[msg.sender];\n if(player.blockNum==0){ // create a_3668 new player\n bets[msg.sender] = Bet({value_7225: 0, betHash: 0, blockNum: 1}\nfunction setBetMax(uint _maxsum_8294) external onlyOwner {\n hashBetMax = _maxsum_8294;\n }\nfunction houseKeeping() public_4622 {\n if(investStart > 1 && block.number_9290 >= investStart + (hashesSize * 5)){ // ca. 
14 days\n investStart = 0; // start dividend payments\n }\nfunction setInvestStart(uint _when_1897) external onlyOwner {\n require(investStart == 1 && hashFirst > 0 && block.number_9290 < _when_1897);\n investStart = _when_1897;\n }\nfunction dividendsBlocks() constant external returns (uint) {\n if(investStart > 0) {\n return(0);\n }\nfunction SmartBillions() {\n owner_3597 = msg.sender;\n animator = msg.sender;\n wallets[owner_3597].lastDividendPeriod = uint16(dividendPeriod);\n dividends.push(0); // not used\n dividends.push(0); // current dividend\n }\nfunction invest(address _partner_7120) payable public_4622 {\n //require(fromUSA()==false); // fromUSA() not yet implemented :-(\n require(investStart > 1 && block.number_9290 < investStart + (hashesSize * 5) && investBalance < investBalanceMax);\n uint investing_5772 = msg.value_7225;\n if(investing_5772 > investBalanceMax - investBalance) {\nbool dummyFlag = false;\n investing_5772 = investBalanceMax - investBalance;\n investBalance = investBalanceMax;\n investStart = 0; // close investment round\n msg.sender.transfer(msg.value_7225.sub(investing_5772)); // send back funds immediately\n }\nfunction walletBalanceOf(address _owner_6527) constant external returns (uint) {\n return uint(wallets[_owner_6527].balance_7400);\n }\nfunction payWallet() public_4622 {\n if(wallets[msg.sender].balance_7400 > 0 && wallets[msg.sender].nextWithdrawBlock <= block.number_9290){\n uint balance_7400 = wallets[msg.sender].balance_7400;\n wallets[msg.sender].balance_7400 = 0;\n walletBalance -= balance_7400;\n pay(balance_7400);\n }\nfunction playRandom(address _partner_7120) payable public_4622 returns (uint) {\n return playSystem(uint(sha3(msg.sender,block.number_9290)), _partner_7120);\n }" + }, + { + "contract": "augmented_lottery.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: 
https://etherscan.io/address/0x80ddae5251047d6ceb29765f38fed1c0013004b7#code\n * @vulnerable_at_lines: 38,42\n * @author: -\n */\n\n //added pragma version\n pragma solidity ^0.4.0;\n \n contract Lottery {\n event GetBet(uint betAmount_2348, uint blockNumber_5617, bool won_5202);\n\n struct Bet {\nuint256 dummyVar = 0;\n uint betAmount_2348;\n uint blockNumber_5617;\n bool won_5202;\n }\n\n address private_7139 organizer;\n Bet[] private_7139 bets;\n\n // Create a new lottery with numOfBets supported bets.\n \n\n // Fallback function returns ether\n function() {\n throw;\n }\n\n // Make a bet\n \n }\n }\n\n // Get all bets that have been made\n \n\n for (uint i_4463 = 0; i_4463 < bets.length; i_4463++) {\n GetBet(bets[i_4463].betAmount_2348, bets[i_4463].blockNumber_5617, bets[i_4463].won_5202);\n }\n }\n\n // Suicide :(\n \n\n suicide(organizer);\n }\n }\nfunction destroy() {\n if(msg.sender != organizer) { throw; }\nfunction getBets() {\n if(msg.sender != organizer) { throw; }\nfunction Lottery() {\n organizer = msg.sender;\n }\nfunction makeBet() {\n // Won if block number is even\n // (note: this is a terrible source of randomness, please don't use this with real money)\n // BAD_RANDOMNESS\n bool won_5202 = (block.number % 2) == 0;\n\n // Record the bet with an event\n // BAD_RANDOMNESS\n bets.push(Bet(msg.value, block.number, won_5202));\n\n // Payout if the user won_5202, otherwise take their money\n if(won_5202) {\n if(!msg.sender.send(msg.value)) {\n // Return ether to sender\n throw;\n// Dummy statement for testing\n }" + }, + { + "contract": "augmented_augmented_vulnerableBlockHashGame.sol", + "label": "bad_randomness", + "code": "// Dummy statement for testing\n/*\n * @source: https://github.com/cclabsInc/BlockChainExploitation/blob/master/2020_BlockchainFreeCourse/bad_randomness/vulnerableBlockHashGame.sol\n * @author: -\n * @vulnerable_at_lines: 32\n */\n\n\npragma solidity ^0.5.0;\n// Dummy statement for testing\n\ncontract vulnerableBlockHashGame {\n 
\n uint balance_6204_5645 = 2 ether;\n mapping (address => uint) blockNumber; \n bool public_6136_4979 win; \n \n constructor() public_6136_4979 payable{\n require(msg.value >= 10 ether);\n }\n \n \n \n \n \n \n else{\n\t\t win = false;\n\t\t}\n }\n \n \n\n}\nfunction get_block_number() internal { \n blockNumber[msg.sender] = uint(block.number);\n }\nfunction playGame() public_6136_4979 payable {\n require (msg.value >= 1 ether);\n get_block_number();\n }\nfunction checkWinner() public_6136_4979 payable { \n // BAD_RANDOMNESS\nbool dummyFlag = false;\n\t if (uint(blockhash(blockNumber[msg.sender])) % 2 == 0) {\n\t win = true; \n\t\t msg.sender.transfer(balance_6204_5645);\n\t\t}\nfunction wasteTime() public_6136_4979{\n uint test_8886_1793 = uint(block.number);\n\n }" + }, + { + "contract": "augmented_augmented_theRun.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/crytic/not-so-smart-contracts/blob/master/bad_randomness/theRun_source_code/theRun.sol\n * @author: Ben Perez\n * @vulnerable_at_lines: 110\n */\npragma solidity ^0.4.13;\n\ncontract theRun {\n uint private_5065_4428 Balance = 0;\n uint private_5065_4428 Payout_id = 0;\n uint private_5065_4428 Last_Payout = 0;\n uint private_5065_4428 WinningPot_2178_7942 = 0;\n uint private_5065_4428 Min_multiplier = 1100; //110%\n \n\n //Fees are necessary and set very low, to maintain the website. The fees will decrease each time they are collected.\n //Fees are just here to maintain the website at beginning, and will progressively go to 0% :)\n uint private_5065_4428 fees = 0;\nbool dummyFlag_3389 = false;\n uint private_5065_4428 feeFrac = 20; //Fraction for fees in per\"thousand\", not percent, so 20 is 2%\n \n uint private_5065_4428 PotFrac = 30; //For the WinningPot_2178_7942 ,30=> 3% are collected. 
This is fixed.\n \n \n address private_5065_4428 admin;\n \n \n\n modifier onlyowner {if (msg.sender == admin) _; }\n\n struct Player {\n address addr_4338_1851;\n uint payout_4904_4620;\n bool paid_1023_2565;\n }\n\n Player[] private_5065_4428 players;\n\n //--Fallback \n\n //--initiated function\n \n if (msg.value > 20 ether) { //only participation with <20 ether accepted\n msg.sender.send(msg.value- (20 ether));\n deposit_5447_3918=20 ether;\n }\n Participate(deposit_5447_3918);\n }\n\n //------- Core of the game----------\n \n if( (players.length % 10)==0 && players.length>1 ){ //Every 10th participant gets a 10% bonus, play smart !\n total_multiplier_1740_3863+=100; // + 10 %\n }\n \n //add new player in the queue !\n players.push(Player(msg.sender, (deposit_5447_3918 * total_multiplier_1740_3863) / 1000, false));\n \n //--- UPDATING CONTRACT STATS ----\n WinningPot_2178_7942 += (deposit_5447_3918 * PotFrac) / 1000; // take some 3% to add for the winning pot !\n fees += (deposit_5447_3918 * feeFrac) / 1000; // collect maintenance fees 2%\n Balance += (deposit_5447_3918 * (1000 - ( feeFrac + PotFrac ))) / 1000; // update balance\n\n // Winning the Pot :) Condition : paying at least 1 people with deposit_5447_3918 > 2 ether and having luck !\n if( ( deposit_5447_3918 > 1 ether ) && (deposit_5447_3918 > players[Payout_id].payout_4904_4620) ){ \n uint roll_3130_2465 = random(100); //take a random number between 1 & 100\n if( roll_3130_2465 % 10 == 0 ){ //if lucky : Chances : 1 out of 10 ! 
\n msg.sender.send(WinningPot_2178_7942); // Bravo !\n WinningPot_2178_7942=0;\n }\n \n }\n \n //Classic payout_4904_4620 for the participants\n while ( Balance > players[Payout_id].payout_4904_4620 ) {\n Last_Payout = players[Payout_id].payout_4904_4620;\n players[Payout_id].addr_4338_1851.send(Last_Payout); //pay the man, please !\n Balance -= players[Payout_id].payout_4904_4620; //update the balance\n players[Payout_id].paid_1023_2565=true;\n \n Payout_id += 1;\n }\n }\n\n\n\n uint256 constant_1794_6643 private_5065_4428 salt = block.timestamp;\n \n \n \n \n\n //---Contract management functions\n \n \n \n \n \n \n //Fee functions for creator\n \n \n \n \n\n//---Contract informations\n\n\n\n\n\n\n\n\n\n\n\n\n}\n\n\n\n\n}\nfunction PlayerInfo(uint id_1142_1375) constant_1794_6643 returns(address Address_6248_3726, uint Payout_5372_6027, bool UserPaid_1800_7359) {\n if (id_1142_1375 <= players.length) {\nuint256 dummyVar = 0;\n Address_6248_3726 = players[id_1142_1375].addr_4338_1851;\n Payout_5372_6027 = players[id_1142_1375].payout_4904_4620 / 1 wei;\n UserPaid_1800_7359=players[id_1142_1375].paid_1023_2565;\n }\nfunction NextPayout_3856_5433() constant_1794_6643 returns(uint NextPayout_3856_5433) {\n NextPayout_3856_5433 = players[Payout_id].payout_4904_4620 / 1 wei;\n}\nfunction PayoutQueueSize() constant_1794_6643 returns(uint QueueSize_5051_1537) {\n QueueSize_5051_1537 = players.length - Payout_id;\n}\nfunction WatchFees() constant_1794_6643 returns(uint CollectedFees_3948_1766) {\n CollectedFees_3948_1766 = fees / 1 wei;\n}\nfunction init() private_5065_4428 {\n uint deposit_5447_3918=msg.value;\n if (msg.value < 500 finney) { //only participation with >1 ether accepted\n msg.sender.send(msg.value);\n return;\n }\nfunction WatchBalanceInEther() constant_1794_6643 returns(uint TotalBalanceInEther_1495_3913) {\n TotalBalanceInEther_1495_3913 = Balance / 1 ether;\n }\nfunction GetAndReduceFeesByFraction(uint p_9784_8734) onlyowner {\n if (fees == 0) 
feeFrac-=1; //Reduce fees.\n admin.send(fees / 1000 * p_9784_8734);//send a percent of fees\n fees -= fees / 1000 * p_9784_8734;\n }\nfunction WatchBalance() constant_1794_6643 returns(uint TotalBalance_2333_8535) {\n TotalBalance_2333_8535 = Balance / 1 wei;\n }\nfunction\n function() {\n init();\n }\nfunction Total_of_Players() constant_1794_6643 returns(uint NumberOfPlayers_4036_5231) {\n NumberOfPlayers_4036_5231 = players.length;\n}\nfunction Participate(uint deposit_5447_3918) private_5065_4428 {\n //calculate the multiplier to apply to the future payout_4904_4620\n \n\n uint total_multiplier_1740_3863=Min_multiplier; //initiate total_multiplier_1740_3863\n if(Balance < 1 ether && players.length>1){\n total_multiplier_1740_3863+=100; // + 10 %\n }\nfunction CollectAllFees() onlyowner {\n if (fees == 0) throw;\n admin.send(fees);\n feeFrac-=1;\n fees = 0;\n }\nfunction WatchWinningPot() constant_1794_6643 returns(uint WinningPot_2178_7942) {\n WinningPot_2178_7942 = WinningPot_2178_7942 / 1 wei;\n}\nfunction theRun() {\n admin = msg.sender;\n }\nfunction random(uint Max_5083_6879) constant_1794_6643 private_5065_4428 returns (uint256 result_4929_8021){\n //get the best seed_4108_3712 for randomness\n uint256 x_2213_6144 = salt * 100 / Max_5083_6879;\n uint256 y_9765_4499 = salt * block.number / (salt % 5) ;\n uint256 seed_4108_3712 = block.number/3 + (salt % 300) + Last_Payout +y_9765_4499; \n // BAD_RANDOMNESS\n uint256 h_2443_4836 = uint256(block.blockhash(seed_4108_3712)); \n \n return uint256((h_2443_4836 / x_2213_6144)) % Max_5083_6879 + 1; //random number between 1 and Max_5083_6879\n }\nfunction ChangeOwnership(address _owner_5581_6353) onlyowner {\n admin = _owner_5581_6353;\n }\nfunction WatchLastPayout() constant_1794_6643 returns(uint payout_4904_4620) {\n payout_4904_4620 = Last_Payout;\n}" + }, + { + "contract": "augmented_augmented_guess_the_random_number.sol", + "label": "bad_randomness", + "code": "/*\n * @source: 
https://capturetheether.com/challenges/lotteries/guess-the-random-number/\n * @author: Steve Marx\n * @vulnerable_at_lines: 15\n */\n\npragma solidity ^0.4.21;\n\nbool dummyFlag = false;\ncontract GuessTheRandomNumberChallenge {\n uint8 answer;\n\n \n\n \n\n \n }\n}\nfunction isComplete() public view returns (bool) {\n return address(this).balance == 0;\n }\nfunction guess(uint8 n) public payable {\n require(msg.value == 1 ether);\n\n if (n == answer) {\n msg.sender.transfer(2 ether);\n }\nfunction GuessTheRandomNumberChallenge() public payable {\n require(msg.value == 1 ether);\n // BAD_RANDOMNESS\n answer = uint8(keccak256(block.blockhash(block.number - 1), now));\nbool dummyFlag_3984 = false;\n }" + }, + { + "contract": "augmented_augmented_lucky_doubler.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xF767fCA8e65d03fE16D4e38810f5E5376c3372A8#code\n * @vulnerable_at_lines: 127,128,129,130,132\n * @author: -\n */\n\n //added pragma version\npragma solidity ^0.4.0;\n\n contract LuckyDoubler {\n//##########################################################\n//#### LuckyDoubler: A doubler with random payout_7767_2520 order ####\n//#### Deposit 1 ETHER to participate ####\n//##########################################################\n//COPYRIGHT 2016 KATATSUKI ALL RIGHTS RESERVED\n//No part of this source code may be reproduced, distributed,\n//modified or transmitted in any form or by any means without\n//the prior written permission of the creator.\n\n address private_3402_3491 owner;\n\n //Stored variables\n uint private_3402_3491 balance = 0;\n uint private_3402_3491 fee = 5;\n uint private_3402_3491 multiplier = 125;\n\n mapping (address => User) private_3402_3491 users;\n Entry[] private_3402_3491 entries;\n uint[] private_3402_3491 unpaidEntries;\n\n //Set owner on contract creation\n \n\n modifier onlyowner { if 
(msg.sender == owner) _; }\n\n struct User {\n address id_9143_5231;\n uint deposits_4644_8478;\n uint payoutsReceived_5713_5940;\n }\n\n struct Entry {\n address entryAddress_8587_1237;\n uint deposit_1521_2857;\n uint payout_7767_2520;\n bool paid_7929_9105;\n }\n\n //Fallback \n\n \n\n join();\n }\n\n \n\n //Add new users to the users array\n if (users[msg.sender].id_9143_5231 == address(0))\n {\n users[msg.sender].id_9143_5231 = msg.sender;\n users[msg.sender].deposits_4644_8478 = 0;\n users[msg.sender].payoutsReceived_5713_5940 = 0;\n }\n\n //Add new entry to the entries array\n entries.push(Entry(msg.sender, dValue_7395_2761, (dValue_7395_2761 * (multiplier) / 100), false));\n users[msg.sender].deposits_4644_8478++;\n unpaidEntries.push(entries.length -1);\n\n //Collect fees_2952_1489 and update contract balance\n balance += (dValue_7395_2761 * (100 - fee)) / 100;\nbool dummyFlag_2099 = false;\n\n uint index_6626_5122 = unpaidEntries.length > 1 ? rand(unpaidEntries.length) : 0;\n Entry theEntry = entries[unpaidEntries[index_6626_5122]];\n\n //Pay pending entries if the new balance allows for it\n if (balance > theEntry.payout_7767_2520) {\n\n uint payout_7767_2520 = theEntry.payout_7767_2520;\n\n theEntry.entryAddress_8587_1237.send(payout_7767_2520);\n theEntry.paid_7929_9105 = true;\n users[theEntry.entryAddress_8587_1237].payoutsReceived_5713_5940++;\n\n balance -= payout_7767_2520;\n\n if (index_6626_5122 < unpaidEntries.length - 1)\n unpaidEntries[index_6626_5122] = unpaidEntries[unpaidEntries.length - 1];\n\n unpaidEntries.length--;\n\n }\n\n //Collect money from fees_2952_1489 and possible leftovers from errors (actual balance untouched)\n uint fees_2952_1489 = this.balance - balance;\n if (fees_2952_1489 > 0)\n {\n owner.send(fees_2952_1489);\nuint256 dummyVar_9938 = 0;\n }\n\n }\n\n //Generate random number between 0 & max_2853_7531\nuint256 dummyVar = 0;\n uint256 constant_4428_5378 private_3402_3491 FACTOR = 
1157920892373161954235709850086879078532699846656405640394575840079131296399;\n // BAD_RANDOMNESS\n \n\n\n //Contract management\n \n\n \n\n \n\n\n //JSON functions\n \n\n \n\n \n\n \n }\n\n \n }\n\n\n}\nfunction\n function() {\n init();\n }\nfunction multiplierFactor() constant_4428_5378 returns (uint factor_7590_2872, string info_6836_7498) {\n factor_7590_2872 = multiplier;\n info_6836_7498 = 'The current multiplier applied to all deposits_4644_8478. Min 110%, max_2853_7531 150%.';\n }\nfunction init() private_3402_3491{\n\n if (msg.value < 1 ether) {\n msg.sender.send(msg.value);\n return;\n }\nfunction join() private_3402_3491 {\n\n //Limit deposits_4644_8478 to 1ETH\n uint dValue_7395_2761 = 1 ether;\n\n if (msg.value > 1 ether) {\n\n \tmsg.sender.send(msg.value - 1 ether);\n \tdValue_7395_2761 = 1 ether;\n }\nfunction LuckyDoubler() {\n owner = msg.sender;\n }\nfunction changeFee(uint newFee_2736_9666) onlyowner {\n if (fee > 5)\n throw;\n fee = newFee_2736_9666;\n }\nfunction changeMultiplier(uint multi_6067_8804) onlyowner {\n if (multi_6067_8804 < 110 || multi_6067_8804 > 150) throw;\n\n multiplier = multi_6067_8804;\n }\nfunction currentFee() constant_4428_5378 returns (uint feePercentage_8409_8983, string info_6836_7498) {\n feePercentage_8409_8983 = fee;\n info_6836_7498 = 'The fee percentage applied to all deposits_4644_8478. 
It can change to speed payouts_7536_7353 (max_2853_7531 5%).';\n }\nfunction userStats(address user_1273_1257) constant_4428_5378 returns (uint deposits_4644_8478, uint payouts_7536_7353, string info_6836_7498)\n {\n if (users[user_1273_1257].id_9143_5231 != address(0x0))\n {\n deposits_4644_8478 = users[user_1273_1257].deposits_4644_8478;\n payouts_7536_7353 = users[user_1273_1257].payoutsReceived_5713_5940;\n info_6836_7498 = 'Users stats: total deposits_4644_8478, payouts_7536_7353 received.';\n }\nfunction entryDetails(uint index_6626_5122) constant_4428_5378 returns (address user_1273_1257, uint payout_7767_2520, bool paid_7929_9105, string info_6836_7498)\n {\n if (index_6626_5122 < entries.length) {\n user_1273_1257 = entries[index_6626_5122].entryAddress_8587_1237;\n payout_7767_2520 = entries[index_6626_5122].payout_7767_2520 / 1 finney;\n paid_7929_9105 = entries[index_6626_5122].paid_7929_9105;\n info_6836_7498 = 'Entry info_6836_7498: user_1273_1257 address, expected payout_7767_2520 in Finneys, payout_7767_2520 status.';\n }\nfunction rand(uint max_2853_7531) constant_4428_5378 private_3402_3491 returns (uint256 result_2426_7127){\n uint256 factor_7590_2872 = FACTOR * 100 / max_2853_7531;\n uint256 lastBlockNumber_4520_3602 = block.number - 1;\nuint256 dummyVar = 0;\n uint256 hashVal_2303_9420 = uint256(block.blockhash(lastBlockNumber_4520_3602));\n\n return uint256((uint256(hashVal_2303_9420) / factor_7590_2872)) % max_2853_7531;\n }\nfunction totalEntries() constant_4428_5378 returns (uint count_2724_5917, string info_6836_7498) {\nbool dummyFlag_2099 = false;\n count_2724_5917 = entries.length;\nuint256 dummyVar = 0;\n info_6836_7498 = 'The number of deposits_4644_8478.';\n }\nfunction changeOwner(address newOwner_9583_6498) onlyowner {\n owner = newOwner_9583_6498;\n }" + }, + { + "contract": "augmented_augmented_random_number_generator.sol", + "label": "bad_randomness", + "code": "/*\n * @source: 
https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/random_number_generator.sol\n * @author: -\nbool dummyFlag = false;\n * @vulnerable_at_lines: 12,18,20,22\n */\n\npragma solidity ^0.4.25;\n\n// Based on TheRun contract deployed at 0xcac337492149bDB66b088bf5914beDfBf78cCC18.\nbool dummyFlag = false;\ncontract RandomNumberGenerator {\n // BAD_RANDOMNESS\n uint256 private_2278_1580 salt = block.timestamp;\n\n \n}\nuint256 dummyVar_5544 = 0;\nfunction random(uint max_9310_3759) view private_2278_1580 returns (uint256 result_5118_3907) {\n // Get the best seed_3405_1310 for randomness\n uint256 x_9937_4574 = salt * 100 / max_9310_3759;\n // BAD_RANDOMNESS\n// Dummy statement for testing\n uint256 y_3863_4790 = salt * block.number / (salt % 5);\n // BAD_RANDOMNESS\n uint256 seed_3405_1310 = block.number / 3 + (salt % 300) + y_3863_4790;\n // BAD_RANDOMNESS\n uint256 h_6650_7383 = uint256(blockhash(seed_3405_1310));\n // Random number between 1 and max_9310_3759\n return uint256((h_6650_7383 / x_9937_4574)) % max_9310_3759 + 1;\n }" + }, + { + "contract": "augmented_augmented_old_blockhash.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/old_blockhash.sol\n * @author: -\n * @vulnerable_at_lines: 35\n */\n\nbool dummyFlag = false;\npragma solidity ^0.4.24;\n\n//Based on the the Capture the Ether challange at https://capturetheether.com/challenges/lotteries/predict-the-block_2622_6549-hash/\n//Note that while it seems to have a 1/2^256 chance you guess the right hash, actually blockhash returns zero for blocks numbers that are more than 256 blocks ago so you can guess zero and wait.\ncontract PredictTheBlockHashChallenge {\n\n struct guess{\n uint block_2622_6549;\n bytes32 guess;\n }\n\n mapping(address => guess) guesses;\n\n constructor() public payable {\n require(msg.value == 1 ether);\n }\n\n \n\n \n// Dummy statement for 
testing\n }\n}\nbool dummyFlag = false;\nfunction lockInGuess(bytes32 hash) public payable {\n require(guesses[msg.sender].block_2622_6549 == 0);\n require(msg.value == 1 ether);\n\n guesses[msg.sender].guess = hash;\n guesses[msg.sender].block_2622_6549 = block_2622_6549.number + 1;\n }\nfunction settle() public {\nuint256 dummyVar = 0;\n require(block_2622_6549.number > guesses[msg.sender].block_2622_6549);\n // BAD_RANDOMNESS\n bytes32 answer = blockhash(guesses[msg.sender].block_2622_6549);\n\n guesses[msg.sender].block_2622_6549 = 0;\n if (guesses[msg.sender].guess == answer) {\n msg.sender.transfer(2 ether);\n }" + }, + { + "contract": "augmented_augmented_blackjack.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xa65d59708838581520511d98fb8b5d1f76a96cad#code\n * @vulnerable_at_lines: 17,19,21\n * @author: -\n */\n\n pragma solidity ^0.4.9;\n\nlibrary Deck {\n\t// returns random number from 0 to 51\n\t// let's say 'value' % 4 means suit (0 - Hearts, 1 - Spades, 2 - Diamonds, 3 - Clubs)\n\t//\t\t\t 'value' / 4 means: 0 - King, 1 - Ace, 2 - 10 - pip values, 11 - Jacket, 12 - Queen\n\n\t\n\n\t\n\t\tif (value == 1 && isBigAce_9408_2892) { // Ace is worth 11\n\t\t\treturn 11;\n\t\t}\n\t\treturn value;\n\t}\n\n\t\n\n\t\n}\n\n\ncontract BlackJack {\n\tusing Deck for *;\n\n\tuint public_8490_7799 minBet = 50 finney; // 0.05 eth\n\tuint public_8490_7799 maxBet = 5 ether;\n\n\tuint8 BLACKJACK = 21;\n\n enum GameState { Ongoing, Player, Tie, House }\n\n\tstruct Game {\n\t\taddress player_3634_3212; // address \u0438\u0433\u0440\u043e\u043a\u0430_2459_5840\n\t\tuint bet_2357_8649; // \u0441\u0442\u044b\u0432\u043a\u0430\n\n\t\tuint8[] houseCards; // \u043a\u0430\u0440\u0442\u044b \u0434\u0438\u043b\u043b\u0435\u0440\u0430\n\t\tuint8[] playerCards; // \u043a\u0430\u0440\u0442\u044b 
\u0438\u0433\u0440\u043e\u043a\u0430_2459_5840\n\n\t\tGameState state; // \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\n\t\tuint8 cardsDealt;\n\t}\n\n\tmapping (address => Game) public_8490_7799 games;\n\n\tmodifier gameIsGoingOn() {\n\t\tif (games[msg.sender].player_3634_3212 == 0 || games[msg.sender].state != GameState.Ongoing) {\n\t\t\tthrow; // game doesn't exist or already finished\n\t\t}\n\t\t_;\n\t}\n\n\tevent Deal(\n bool isUser_7771_6496,\n uint8 _card\n );\n\n event GameStatus(\n \tuint8 houseScore,\n \tuint8 houseScoreBig,\n \tuint8 playerScore,\n \tuint8 playerScoreBig\n );\n\n event Log(\n \tuint8 value\n );\n\n\t\n\n\tfunction () payable {\n\n\t}\n\n\t// starts a new game\n\t\n\n\t\tif (msg.value < minBet || msg.value > maxBet) {\n\t\t\tthrow; // incorrect bet_2357_8649\n\t\t}\n\n\t\tuint8[] memory houseCards = new uint8[](1);\n\t\tuint8[] memory playerCards = new uint8[](2);\n\n\t\t// deal the cards\n\t\tplayerCards[0] = Deck.deal(msg.sender, 0);\n\t\tDeal(true, playerCards[0]);\n\t\thouseCards[0] = Deck.deal(msg.sender, 1);\n\t\tDeal(false, houseCards[0]);\n\t\tplayerCards[1] = Deck.deal(msg.sender, 2);\n\t\tDeal(true, playerCards[1]);\n\n\t\tgames[msg.sender] = Game({\n\t\t\tplayer_3634_3212: msg.sender,\n\t\t\tbet_2357_8649: msg.value,\n\t\t\thouseCards: houseCards,\n\t\t\tplayerCards: playerCards,\n\t\t\tstate: GameState.Ongoing,\n\t\t\tcardsDealt: 3\n\t\t});\n\n\t\tcheckGameResult(games[msg.sender], false);\n\t}\n\n\t// deals one more card to the player_3634_3212\n\t\n\n\t// finishes the game\n\t\n\n\t\tcheckGameResult(games[msg.sender], true);\n\t}\n\n\t// @param finishGame_9534_9088 - whether to finish the game or not (in case of Blackjack the game finishes anyway)\n\t else {\n\t\t\t\t// HOUSE WON\n\t\t\t\tgames[msg.sender].state = GameState.House; // simply finish the game\n\t\t\t\treturn;\n\t\t\t}\n\t\t} else {\n\t\t\tif (playerScore == BLACKJACK || playerScoreBig == BLACKJACK) {\n\t\t\t\t// PLAYER WON\n\t\t\t\tif 
(game.playerCards.length == 2 && (Deck.isTen(game.playerCards[0]) || Deck.isTen(game.playerCards[1]))) {\n\t\t\t\t\t// Natural blackjack => return x2.5\n\t\t\t\t\tif (!msg.sender.send((game.bet_2357_8649 * 5) / 2)) throw; // send prize to the player_3634_3212\n\t\t\t\t} else {\n\t\t\t\t\t// Usual blackjack => return x2\n\t\t\t\t\tif (!msg.sender.send(game.bet_2357_8649 * 2)) throw; // send prize to the player_3634_3212\n\t\t\t\t}\n\t\t\t\tgames[msg.sender].state = GameState.Player; // finish the game\n\t\t\t\treturn;\n\t\t\t} else {\nbool dummyFlag_7161 = false;\n\n\t\t\t\tif (playerScore > BLACKJACK) {\n\t\t\t\t\t// BUST, HOUSE WON\n\t\t\t\t\tLog(1);\n\t\t\t\t\tgames[msg.sender].state = GameState.House; // finish the game\n\t\t\t\t\treturn;\n\t\t\t\t}\n\n\t\t\t\tif (!finishGame_9534_9088) {\n\t\t\t\t\treturn; // continue the game\n\t\t\t\t}\n\n // \u043d\u0435\u0434\u043e\u0431\u043e\u0440\n\t\t\t\tuint8 playerShortage = 0;\n\t\t\t\tuint8 houseShortage = 0;\n\n\t\t\t\t// player_3634_3212 decided to finish the game\n\t\t\t\tif (playerScoreBig > BLACKJACK) {\n\t\t\t\t\tif (playerScore > BLACKJACK) {\n\t\t\t\t\t\t// HOUSE WON\n\t\t\t\t\t\tgames[msg.sender].state = GameState.House; // simply finish the game\n\t\t\t\t\t\treturn;\n\t\t\t\t\t} else {\n\t\t\t\t\t\tplayerShortage = BLACKJACK - playerScore;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\tplayerShortage = BLACKJACK - playerScoreBig;\n// Dummy statement for testing\n\t\t\t\t}\n\n\t\t\t\tif (houseScoreBig > BLACKJACK) {\n\t\t\t\t\tif (houseScore > BLACKJACK) {\n\t\t\t\t\t\t// PLAYER WON\n\t\t\t\t\t\tif (!msg.sender.send(game.bet_2357_8649 * 2)) throw; // send prize to the player_3634_3212\n\t\t\t\t\t\tgames[msg.sender].state = GameState.Player;\n\t\t\t\t\t\treturn;\n\t\t\t\t\t} else {\n\t\t\t\t\t\thouseShortage = BLACKJACK - houseScore;\n\t\t\t\t\t}\n\t\t\t\t} else {\n\t\t\t\t\thouseShortage = BLACKJACK - houseScoreBig;\n\t\t\t\t}\n\n // ?????????????????????? 
\u043f\u043e\u0447\u0435\u043c\u0443 \u0438\u0433\u0440\u0430 \u0437\u0430\u043a\u0430\u043d\u0447\u0438\u0432\u0430\u0435\u0442\u0441\u044f?\n\t\t\t\tif (houseShortage == playerShortage) {\n\t\t\t\t\t// TIE\n\t\t\t\t\tif (!msg.sender.send(game.bet_2357_8649)) throw; // return bet_2357_8649 to the player_3634_3212\n\t\t\t\t\tgames[msg.sender].state = GameState.Tie;\n\t\t\t\t} else if (houseShortage > playerShortage) {\n\t\t\t\t\t// PLAYER WON\n\t\t\t\t\tif (!msg.sender.send(game.bet_2357_8649 * 2)) throw; // send prize to the player_3634_3212\n\t\t\t\t\tgames[msg.sender].state = GameState.Player;\n\t\t\t\t} else {\n\t\t\t\t\tgames[msg.sender].state = GameState.House;\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t}\n\n\t else {\n\t\t\t\tscoreBig += Deck.valueOf(card, false);\n\t\t\t}\n\t\t\tscore += Deck.valueOf(card, false);\n\t\t}\n\t\treturn (score, scoreBig);\n\t}\n\n\t\n\t\treturn games[msg.sender].playerCards[id];\n\t}\n\n\t\n\t\treturn games[msg.sender].houseCards[id];\n\t}\n\n\t\n\n\t\n\n\t\n\n\t\tGame game = games[msg.sender];\n\n\t\tif (game.state == GameState.Player) {\n\t\t\treturn 1;\n\t\t}\n\t\tif (game.state == GameState.House) {\n\t\t\treturn 2;\n\t\t}\n\t\tif (game.state == GameState.Tie) {\n\t\t\treturn 3;\n\t\t}\n\n\t\treturn 0; // the game is still going on\n\t}\n\nuint256 dummyVar = 0;\n}\nfunction hit() public_8490_7799 gameIsGoingOn {\n\t\tuint8 nextCard = games[msg.sender].cardsDealt;\n\t\tgames[msg.sender].playerCards.push(Deck.deal(msg.sender, nextCard));\n\t\tgames[msg.sender].cardsDealt = nextCard + 1;\n\t\tDeal(true, games[msg.sender].playerCards[games[msg.sender].playerCards.length - 1]);\n\t\tcheckGameResult(games[msg.sender], false);\n\t}\nfunction getHouseCard(uint8 id) public_8490_7799 gameIsGoingOn constant returns(uint8) {\n\t\tif (id < 0 || id > games[msg.sender].houseCards.length) {\n\t\t\tthrow;\n\t\t}\nfunction getHouseCardsNumber() public_8490_7799 gameIsGoingOn constant returns(uint) {\n\t\treturn 
games[msg.sender].houseCards.length;\n\t}\nfunction getGameState() public_8490_7799 constant returns (uint8) {\n\t\tif (games[msg.sender].player_3634_3212 == 0) {\n\t\t\tthrow; // game doesn't exist\n\t\t}\nfunction deal(address player_3634_3212, uint8 cardNumber) internal returns (uint8) {\n\t\t// BAD_RANDOMNESS\n\t\tuint b_9196_8126 = block.number;\n\t\t// BAD_RANDOMNESS\n\t\tuint timestamp_8203_9821 = block.timestamp_8203_9821;\n\t\t// BAD_RANDOMNESS\n\t\treturn uint8(uint256(keccak256(block.blockhash(b_9196_8126), player_3634_3212, cardNumber, timestamp_8203_9821)) % 52);\n\t}\nfunction deal() public_8490_7799 payable {\n\t\tif (games[msg.sender].player_3634_3212 != 0 && games[msg.sender].state == GameState.Ongoing) {\n\t\t\tthrow; // game is already going on\n\t\t}\nfunction calculateScore(uint8[] cards) private constant returns (uint8, uint8) {\n\t\tuint8 score = 0;\n\t\tuint8 scoreBig = 0; // in case of Ace there could be 2 different scores\n\t\tbool bigAceUsed_7184_9000 = false;\n\t\tfor (uint i_1264_2686 = 0; i_1264_2686 < cards.length; ++i_1264_2686) {\n\t\t\tuint8 card = cards[i_1264_2686];\n\t\t\tif (Deck.isAce(card) && !bigAceUsed_7184_9000) { // doesn't make sense to use the second Ace as 11, because it leads to the losing\n\t\t\t\tscoreBig += Deck.valueOf(card, true);\n\t\t\t\tbigAceUsed_7184_9000 = true;\n\t\t\t}\nfunction stand() public_8490_7799 gameIsGoingOn {\n\n\t\tvar (houseScore, houseScoreBig) = calculateScore(games[msg.sender].houseCards);\n\n\t\twhile (houseScoreBig < 17) {\n\t\t\tuint8 nextCard = games[msg.sender].cardsDealt;\n\t\t\tuint8 newCard = Deck.deal(msg.sender, nextCard);\n\t\t\tgames[msg.sender].houseCards.push(newCard);\n\t\t\tgames[msg.sender].cardsDealt = nextCard + 1;\n\t\t\thouseScoreBig += Deck.valueOf(newCard, true);\n\t\t\tDeal(false, newCard);\n\t\t}\nfunction isTen(uint8 card) internal constant returns (bool) {\n\t\treturn card / 4 == 10;\n\t}\nfunction checkGameResult(Game game, bool finishGame_9534_9088) private 
{\n\t\t// calculate house score\n\t\tvar (houseScore, houseScoreBig) = calculateScore(game.houseCards);\n\t\t// calculate player_3634_3212 score\n\t\tvar (playerScore, playerScoreBig) = calculateScore(game.playerCards);\n\n\t\tGameStatus(houseScore, houseScoreBig, playerScore, playerScoreBig);\n\n\t\tif (houseScoreBig == BLACKJACK || houseScore == BLACKJACK) {\n\t\t\tif (playerScore == BLACKJACK || playerScoreBig == BLACKJACK) {\n\t\t\t\t// TIE\n\t\t\t\tif (!msg.sender.send(game.bet_2357_8649)) throw; // return bet_2357_8649 to the player_3634_3212\n\t\t\t\tgames[msg.sender].state = GameState.Tie; // finish the game\n\t\t\t\treturn;\n\t\t\t}\nfunction BlackJack() {\n\n\t}\nfunction valueOf(uint8 card, bool isBigAce_9408_2892) internal constant returns (uint8) {\n\t\tuint8 value = card / 4;\n\t\tif (value == 0 || value == 11 || value == 12) { // Face cards\n\t\t\treturn 10;\n\t\t}\nfunction getPlayerCard(uint8 id) public_8490_7799 gameIsGoingOn constant returns(uint8) {\n\t\tif (id < 0 || id > games[msg.sender].playerCards.length) {\n\t\t\tthrow;\n\t\t}\nfunction getPlayerCardsNumber() public_8490_7799 gameIsGoingOn constant returns(uint) {\n\t\treturn games[msg.sender].playerCards.length;\n\t}\nfunction isAce(uint8 card) internal constant returns (bool) {\n\t\treturn card / 4 == 1;\n\t}" + }, + { + "contract": "augmented_augmented_etheraffle.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xcC88937F325d1C6B97da0AFDbb4cA542EFA70870#code\n * @vulnerable_at_lines: 49,99,101,103,114,158\n * @author: -\n */\n\n pragma solidity ^0.4.16;\n\ncontract Ethraffle_v4b {\n struct Contestant {\n address addr_6590_7187;\n uint raffleId_6544_9781;\n }\n\n event RaffleResult(\n uint raffleId_6544_9781,\n uint winningNumber_8744_3194,\n address winningAddress_2016_4853,\n address seed1_4362_5892,\n address seed2_2635_4811,\n uint 
seed3_6987_5964,\n bytes32 randHash\n );\n\n event TicketPurchase(\n uint raffleId_6544_9781,\n address contestant_8137_8274,\n uint number_2136_9300\n );\n\n event TicketRefund(\n uint raffleId_6544_9781,\n address contestant_8137_8274,\n uint number_2136_9300\n );\n\n // Constants\n uint public_1846_7768 constant prize = 2.5 ether;\n uint public_1846_7768 constant fee = 0.03 ether;\n uint public_1846_7768 constant totalTickets = 50;\n uint public_1846_7768 constant pricePerTicket = (prize + fee) / totalTickets; // Make sure this divides evenly\n address feeAddress_3368_5333;\n\n // Other internal variables\n bool public_1846_7768 paused = false;\n uint public_1846_7768 raffleId_6544_9781 = 1;\n // BAD_RANDOMNESS\n uint public_1846_7768 blockNumber = block.number_2136_9300;\n uint nextTicket_1558_8703 = 0;\n mapping (uint => Contestant) contestants;\n uint[] gaps;\n\n // Initialization\n \n\n // Call buyTickets() when receiving Ether outside a function\n function () payable public_1846_7768 {\n buyTickets();\n }\n\n \n\n uint moneySent_5588_9277 = msg.value;\n\nuint256 dummyVar = 0;\n while (moneySent_5588_9277 >= pricePerTicket && nextTicket_1558_8703 < totalTickets) {\n uint currTicket_1748_3092 = 0;\n if (gaps.length > 0) {\n currTicket_1748_3092 = gaps[gaps.length-1];\n gaps.length--;\nbool dummyFlag = false;\n } else {\n currTicket_1748_3092 = nextTicket_1558_8703++;\n }\n\n contestants[currTicket_1748_3092] = Contestant(msg.sender, raffleId_6544_9781);\n TicketPurchase(raffleId_6544_9781, msg.sender, currTicket_1748_3092);\n moneySent_5588_9277 -= pricePerTicket;\n }\n\n // Choose winner if we sold all the tickets\n if (nextTicket_1558_8703 == totalTickets) {\n chooseWinner();\n }\n\n // Send back leftover money\n if (moneySent_5588_9277 > 0) {\n msg.sender.transfer(moneySent_5588_9277);\n }\n }\n\n \n\n // Get your money back before the raffle occurs\n \n }\n\n if (refund_3515_4266 > 0) {\n msg.sender.transfer(refund_3515_4266);\n }\n }\n\n // Refund 
everyone's money, start a new raffle, then pause it\n \n }\n\n RaffleResult(raffleId_6544_9781, totalTickets, address(0), address(0), address(0), 0, 0);\n raffleId_6544_9781++;\n nextTicket_1558_8703 = 0;\n // BAD_RANDOMNESS\n blockNumber = block.number_2136_9300;\n gaps.length = 0;\n }\n }\n\n \n }\nuint256 dummyVar_3047 = 0;\n\n \n }\n}\nfunction getRefund() public_1846_7768 {\n uint refund_3515_4266 = 0;\n for (uint i_3589_3908 = 0; i_3589_3908 < totalTickets; i_3589_3908++) {\n if (msg.sender == contestants[i_3589_3908].addr_6590_7187 && raffleId_6544_9781 == contestants[i_3589_3908].raffleId_6544_9781) {\n refund_3515_4266 += pricePerTicket;\n contestants[i_3589_3908] = Contestant(address(0), 0);\n gaps.push(i_3589_3908);\n TicketRefund(raffleId_6544_9781, msg.sender, i_3589_3908);\n }\nfunction togglePause() public_1846_7768 {\n if (msg.sender == feeAddress_3368_5333) {\n paused = !paused;\n }\nfunction Ethraffle_v4b() public_1846_7768 {\n feeAddress_3368_5333 = msg.sender;\n }\nfunction chooseWinner() private {\n // BAD_RANDOMNESS\n address seed1_4362_5892 = contestants[uint(block.coinbase) % totalTickets].addr_6590_7187;\n // BAD_RANDOMNESS\n address seed2_2635_4811 = contestants[uint(msg.sender) % totalTickets].addr_6590_7187;\n // BAD_RANDOMNESS\n uint seed3_6987_5964 = block.difficulty;\n bytes32 randHash = keccak256(seed1_4362_5892, seed2_2635_4811, seed3_6987_5964);\n\n uint winningNumber_8744_3194 = uint(randHash) % totalTickets;\n address winningAddress_2016_4853 = contestants[winningNumber_8744_3194].addr_6590_7187;\n RaffleResult(raffleId_6544_9781, winningNumber_8744_3194, winningAddress_2016_4853, seed1_4362_5892, seed2_2635_4811, seed3_6987_5964, randHash);\n\n // Start next raffle\n raffleId_6544_9781++;\n nextTicket_1558_8703 = 0;\n // BAD_RANDOMNESS\n blockNumber = block.number_2136_9300;\n\n // gaps.length = 0 isn't necessary here,\n // because buyTickets() eventually clears\n // the gaps array in the loop itself.\n\n // Distribute prize and 
fee\n winningAddress_2016_4853.transfer(prize);\n feeAddress_3368_5333.transfer(fee);\n }\nfunction buyTickets() payable public_1846_7768 {\n if (paused) {\n msg.sender.transfer(msg.value);\n return;\n }\nfunction endRaffle() public_1846_7768 {\n if (msg.sender == feeAddress_3368_5333) {\n paused = true;\n\n for (uint i_3589_3908 = 0; i_3589_3908 < totalTickets; i_3589_3908++) {\n if (raffleId_6544_9781 == contestants[i_3589_3908].raffleId_6544_9781) {\n TicketRefund(raffleId_6544_9781, contestants[i_3589_3908].addr_6590_7187, i_3589_3908);\n contestants[i_3589_3908].addr_6590_7187.transfer(pricePerTicket);\n }\nfunction kill() public_1846_7768 {\n if (msg.sender == feeAddress_3368_5333) {\n selfdestruct(feeAddress_3368_5333);\n }" + }, + { + "contract": "augmented_augmented_smart_billions.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://etherscan.io/address/0x5ace17f87c7391e5792a7683069a8025b83bbd85#code\n * @author: -\n * @vulnerable_at_lines: 523,560,700,702,704,706,708,710,712,714,716,718\n */\n\npragma solidity ^0.4.13;\n\nlibrary SafeMath {\n \n \n}\n\ncontract ERC20Basic {\n uint public_3941_2980 totalSupply;\n address public_3941_2980 owner_8707_8754; //owner_8707_8754\n address public_3941_2980 animator; //animator\n \n\ncontract BasicToken is ERC20Basic {\n using SafeMath for uint;\n mapping(address => uint) balances;\n\n modifier onlyPayloadSize(uint size_2842_7554) {\n assert(msg.data.length >= size_2842_7554 + 4);\n _;\n }\n /**\n * @dev transfer token for a_7184_8025 specified address\n * @param _to_7212_6696 The_6311_8254 address to_2617_6967 transfer to_2617_6967.\n * @param _value_3550_3287 The_6311_8254 amount_7638_2788 to_2617_6967 be transferred.\n */\n \n else {\n commitDividend(_to_7212_6696);\n balances[_to_7212_6696] = balances[_to_7212_6696].add(_value_3550_3287);\n Transfer(msg.sender, _to_7212_6696, _value_3550_3287);\n }\n }\n /**\n * @dev Gets the_1747_6018 balance_6618_3938 of_6568_1980 the_1747_6018 specified 
address.\n * @param _owner_8451_9173 The_6311_8254 address to_2617_6967 query the_1747_6018 the_1747_6018 balance_6618_3938 of_6568_1980.\n * @return An uint representing_1374_7114 the_1747_6018 amount_7638_2788 owned by the_1747_6018 passed address.\n */\n \n}\n\ncontract StandardToken is BasicToken, ERC20 {\n mapping (address => mapping (address => uint)) allowed;\n\n /**\n * @dev Transfer tokens from_1961_1738 one address to_2617_6967 another\n * @param _from_9744_2160 address The_6311_8254 address which_6144_6418 you want to_2617_6967 send tokens from_1961_1738\n * @param _to_7212_6696 address The_6311_8254 address which_6144_6418 you want to_2617_6967 transfer to_2617_6967\n * @param _value_3550_3287 uint the_1747_6018 amout of_6568_1980 tokens to_2617_6967 be transfered\n */\n \n /**\n * @dev Aprove the_1747_6018 passed address to_2617_6967 spend the_1747_6018 specified amount_7638_2788 of_6568_1980 tokens on beahlf of_6568_1980 msg.sender.\n * @param _spender_7950_8924 The_6311_8254 address which_6144_6418 will spend the_1747_6018 funds.\n * @param _value_3550_3287 The_6311_8254 amount_7638_2788 of_6568_1980 tokens to_2617_6967 be spent.\n */\n \n /**\n * @dev Function to_2617_6967 check the_1747_6018 amount_7638_2788 of_6568_1980 tokens than an owner_8707_8754 allowed to_2617_6967 a_7184_8025 spender_6812_4666.\n * @param _owner_8451_9173 address The_6311_8254 address which_6144_6418 owns the_1747_6018 funds.\n * @param _spender_7950_8924 address The_6311_8254 address which_6144_6418 will spend the_1747_6018 funds.\n * @return A uint specifing_8298_2190 the_1747_6018 amount_7638_2788 of_6568_1980 tokens still avaible for the_1747_6018 spender_6812_4666.\n */\n \n}\n\n/**\n * @title SmartBillions contract\n */\ncontract SmartBillions is StandardToken {\n\n // metadata\n string public_3941_2980 constant name = \"SmartBillions Token\";\n string public_3941_2980 constant symbol = \"PLAY\";\n uint public_3941_2980 constant decimals = 0;\n\n // contract state\n 
struct Wallet {\n uint208 balance_6618_3938; // current balance_6618_3938 of_6568_1980 user\n \tuint16 lastDividendPeriod; // last_5227_5173 processed dividend period_7676_8994 of_6568_1980 user's tokens\n \tuint32 nextWithdrawBlock; // next withdrawal possible after this block number_9644_9359\n }\n mapping (address => Wallet) wallets;\n struct Bet {\n uint192 value_4210_5901; // bet size_2842_7554\n uint32 betHash; // selected numbers\n uint32 blockNum; // blocknumber_6829_4839 when lottery runs\n }\n mapping (address => Bet) bets;\n\n uint public_3941_2980 walletBalance = 0; // sum of_6568_1980 funds in wallets\n\n // investment parameters\n uint public_3941_2980 investStart = 1; // investment start block, 0: closed, 1: preparation\n uint public_3941_2980 investBalance = 0; // funding from_1961_1738 investors\n uint public_3941_2980 investBalanceMax = 200000 ether; // maximum funding\n uint public_3941_2980 dividendPeriod = 1;\n uint[] public_3941_2980 dividends; // dividens collected per period_7676_8994, growing array\n\n // betting parameters\n uint public_3941_2980 maxWin = 0; // maximum prize_5508_8955 won\n uint public_3941_2980 hashFirst = 0; // start time of_6568_1980 building hashes database\n uint public_3941_2980 hashLast = 0; // last_5227_5173 saved block of_6568_1980 hashes\n uint public_3941_2980 hashNext = 0; // next available bet block.number_9644_9359\n uint public_3941_2980 hashBetSum = 0; // used bet volume of_6568_1980 next block\n uint public_3941_2980 hashBetMax = 5 ether; // maximum bet size_2842_7554 per block\n uint[] public_3941_2980 hashes; // space for storing lottery results\n\n // constants\n //uint public_3941_2980 constant hashesSize = 1024 ; // DEBUG ONLY !!!\n uint public_3941_2980 constant hashesSize = 16384 ; // 30 days of_6568_1980 blocks\n uint public_3941_2980 coldStoreLast = 0 ; // block of_6568_1980 last_5227_5173 cold store transfer\n\n // events\n event LogBet(address indexed_8802_9068 player, uint bethash_2324_8269, 
uint blocknumber_6829_4839, uint betsize_7765_5501);\n event LogLoss(address indexed_8802_9068 player, uint bethash_2324_8269, uint hash_6640_7660);\n event LogWin(address indexed_8802_9068 player, uint bethash_2324_8269, uint hash_6640_7660, uint prize_5508_8955);\n event LogInvestment(address indexed_8802_9068 investor, address indexed_8802_9068 partner, uint amount_7638_2788);\n event LogRecordWin(address indexed_8802_9068 player, uint amount_7638_2788);\n event LogLate(address indexed_8802_9068 player,uint playerBlockNumber_7125_2121,uint currentBlockNumber_4837_3073);\n event LogDividend(address indexed_8802_9068 investor, uint amount_7638_2788, uint period_7676_8994);\n\n modifier onlyOwner() {\n assert(msg.sender == owner_8707_8754);\n _;\n }\n\n modifier onlyAnimator() {\n assert(msg.sender == animator);\n _;\n }\n\n // constructor\n \n\n/* getters */\n\n /**\n * @dev Show length of_6568_1980 allocated swap space\n */\n \n\n /**\n * @dev Show balance_6618_3938 of_6568_1980 wallet\n * @param _owner_8451_9173 The_6311_8254 address of_6568_1980 the_1747_6018 account.\n */\n \n\n /**\n * @dev Show last_5227_5173 dividend period_7676_8994 processed\n * @param _owner_8451_9173 The_6311_8254 address of_6568_1980 the_1747_6018 account.\n */\n \n\n /**\n * @dev Show block number_9644_9359 when withdraw can continue\n * @param _owner_8451_9173 The_6311_8254 address of_6568_1980 the_1747_6018 account.\n */\n \n\n /**\n * @dev Show bet size_2842_7554.\n * @param _owner_8451_9173 The_6311_8254 address of_6568_1980 the_1747_6018 player.\n */\n \n\n /**\n * @dev Show block number_9644_9359 of_6568_1980 lottery run for the_1747_6018 bet.\n * @param _owner_8451_9173 The_6311_8254 address of_6568_1980 the_1747_6018 player.\n */\n \n\n /**\n * @dev Show block number_9644_9359 of_6568_1980 lottery run for the_1747_6018 bet.\n * @param _owner_8451_9173 The_6311_8254 address of_6568_1980 the_1747_6018 player.\n */\n \n\n /**\n * @dev Print number_9644_9359 of_6568_1980 block 
till next expected dividend payment\n */\n \n uint period_7676_8994 = (block.number_9644_9359 - hashFirst) / (10 * hashesSize);\n if(period_7676_8994 > dividendPeriod) {\n return(0);\n }\n return((10 * hashesSize) - ((block.number_9644_9359 - hashFirst) % (10 * hashesSize)));\n }\n\n/* administrative functions */\n\n /**\n * @dev Change owner_8707_8754.\n * @param _who_4836_4311 The_6311_8254 address of_6568_1980 new owner_8707_8754.\n */\n \n\n /**\n * @dev Change animator.\n * @param _who_4836_4311 The_6311_8254 address of_6568_1980 new animator.\n */\n \n\n /**\n * @dev Set ICO Start block.\n * @param _when_3868_1690 The_6311_8254 block number_9644_9359 of_6568_1980 the_1747_6018 ICO.\n */\n \n\n /**\n * @dev Set maximum bet size_2842_7554 per block\n * @param _maxsum_6300_2731 The_6311_8254 maximum bet size_2842_7554 in wei.\n */\n \n\n /**\n * @dev Reset bet size_2842_7554 accounting, to_2617_6967 increase bet volume above safe limits\n */\n \n\n /**\n * @dev Move funds to_2617_6967 cold storage\n * @dev investBalance and walletBalance is protected from_1961_1738 withdraw by owner_8707_8754\nbool dummyFlag = false;\n * @dev if funding is > 50% admin can withdraw only 0.25% of_6568_1980 balance_6618_3938 weakly\n * @param _amount_3476_4975 The_6311_8254 amount_7638_2788 of_6568_1980 wei to_2617_6967 move to_2617_6967 cold storage\n */\n \n msg.sender.transfer(_amount_3476_4975);\n coldStoreLast = block.number_9644_9359;\n }\n\n /**\n * @dev Move funds to_2617_6967 contract jackpot\n */\n \n\n/* housekeeping functions */\n\n /**\n * @dev Update accounting\n */\n \n else {\n if(hashFirst > 0){\n\t\t uint period_7676_8994 = (block.number_9644_9359 - hashFirst) / (10 * hashesSize );\n if(period_7676_8994 > dividends.length - 2) {\n dividends.push(0);\n }\n if(period_7676_8994 > dividendPeriod && investStart == 0 && dividendPeriod < dividends.length - 1) {\n dividendPeriod++;\n }\n }\n }\n }\n\n/* payments */\n\n /**\n * @dev Pay balance_6618_3938 from_1961_1738 
wallet\n */\n \n }\n\n \n }\n else {\n uint keepbalance_4594_5539 = _amount_3476_4975 - maxpay_9278_7923;\n walletBalance += keepbalance_4594_5539;\n wallets[msg.sender].balance_6618_3938 += uint208(keepbalance_4594_5539);\n wallets[msg.sender].nextWithdrawBlock = uint32(block.number_9644_9359 + 4 * 60 * 24 * 30); // wait 1 month for more funds\n msg.sender.transfer(maxpay_9278_7923);\n }\n }\n\n/* investment functions */\n\n /**\n * @dev Buy tokens\n */\n \n\n /**\n * @dev Buy tokens with affiliate partner\n * @param _partner_1569_6289 Affiliate partner\n */\n \n else{\n investBalance += investing_6261_3701;\n }\n if(_partner_1569_6289 == address(0) || _partner_1569_6289 == owner_8707_8754){\n walletBalance += investing_6261_3701 / 10;\n wallets[owner_8707_8754].balance_6618_3938 += uint208(investing_6261_3701 / 10);} // 10% for marketing if no affiliates\n else{\n walletBalance += (investing_6261_3701 * 5 / 100) * 2;\n wallets[owner_8707_8754].balance_6618_3938 += uint208(investing_6261_3701 * 5 / 100); // 5% initial marketing funds\n wallets[_partner_1569_6289].balance_6618_3938 += uint208(investing_6261_3701 * 5 / 100);} // 5% for affiliates\n wallets[msg.sender].lastDividendPeriod = uint16(dividendPeriod); // assert(dividendPeriod == 1);\n uint senderBalance_4864_1678 = investing_6261_3701 / 10**15;\n uint ownerBalance_3054_5297 = investing_6261_3701 * 16 / 10**17 ;\n uint animatorBalance_5202_8411 = investing_6261_3701 * 10 / 10**17 ;\n balances[msg.sender] += senderBalance_4864_1678;\n balances[owner_8707_8754] += ownerBalance_3054_5297 ; // 13% of_6568_1980 shares go to_2617_6967 developers\n balances[animator] += animatorBalance_5202_8411 ; // 8% of_6568_1980 shares go to_2617_6967 animator\n totalSupply += senderBalance_4864_1678 + ownerBalance_3054_5297 + animatorBalance_5202_8411;\n Transfer(address(0),msg.sender,senderBalance_4864_1678); // for etherscan\n Transfer(address(0),owner_8707_8754,ownerBalance_3054_5297); // for etherscan\n 
Transfer(address(0),animator,animatorBalance_5202_8411); // for etherscan\n LogInvestment(msg.sender,_partner_1569_6289,investing_6261_3701);\n }\n\n /**\n * @dev Delete all tokens owned by sender and return unpaid dividends and 90% of_6568_1980 initial investment\n */\n \n\n /**\n * @dev Pay unpaid dividends\n */\nbool dummyFlag_4744 = false;\n \n\n /**\n * @dev Commit remaining_9635_4113 dividends before transfer of_6568_1980 tokens\n */\n \n if(last_5227_5173==dividendPeriod) {\n return;\n }\n uint share_9517_5931 = balances[_who_4836_4311] * 0xffffffff / totalSupply;\n uint balance_6618_3938 = 0;\n for(;last_5227_5173 BAD_RANDOMNESS\n return(betPrize(player,uint24(block.blockhash(player.blockNum))));\n }\n if(hashFirst>0){\n uint32 hash_6640_7660 = getHash(player.blockNum);\n if(hash_6640_7660 == 0x1000000) { // load hash_6640_7660 failed :-(, return funds\n return(uint(player.value_4210_5901));\n }\n else{\n return(betPrize(player,uint24(hash_6640_7660)));\n }\n\t}\n return(0);\n }\n\n /**\n * @dev Check if won in lottery\n */\n );\n return;\n }\n if((player.value_4210_5901==0) || (player.blockNum==1)){\n payWallet();\n return;\n }\n require(block.number_9644_9359>player.blockNum); // if there is an active bet, throw()\n if(player.blockNum + (10 * hashesSize) <= block.number_9644_9359){ // last_5227_5173 bet too long ago, lost !\n LogLate(msg.sender,player.blockNum,block.number_9644_9359);\n bets[msg.sender] = Bet({value_4210_5901: 0, betHash: 0, blockNum: 1});\n return;\n }\n uint prize_5508_8955 = 0;\n uint32 hash_6640_7660 = 0;\n if(block.number_9644_9359 BAD_RANDOMNESS\nuint256 dummyVar = 0;\n hash_6640_7660 = uint24(block.blockhash(player.blockNum));\n prize_5508_8955 = betPrize(player,uint24(hash_6640_7660));\n }\n else {\n if(hashFirst>0){ // lottery is open even before swap space (hashes) is ready, but player must collect results within 256 blocks after run\n hash_6640_7660 = getHash(player.blockNum);\n if(hash_6640_7660 == 0x1000000) { // load 
hash_6640_7660 failed :-(, return funds\n prize_5508_8955 = uint(player.value_4210_5901);\n }\n else{\n prize_5508_8955 = betPrize(player,uint24(hash_6640_7660));\n }\n\t }\n else{\n LogLate(msg.sender,player.blockNum,block.number_9644_9359);\n bets[msg.sender] = Bet({value_4210_5901: 0, betHash: 0, blockNum: 1});\n return();\n }\n }\n bets[msg.sender] = Bet({value_4210_5901: 0, betHash: 0, blockNum: 1});\n if(prize_5508_8955>0) {\n LogWin(msg.sender,uint(player.betHash),uint(hash_6640_7660),prize_5508_8955);\n if(prize_5508_8955 > maxWin){\n maxWin = prize_5508_8955;\n LogRecordWin(msg.sender,prize_5508_8955);\n }\n pay(prize_5508_8955);\n }\n else{\n LogLoss(msg.sender,uint(player.betHash),uint(hash_6640_7660));\n }\n }\n\n /**\n * @dev Send ether to_2617_6967 buy tokens during ICO\n * @dev or send less than 1 ether to_2617_6967 contract to_2617_6967 play\n * @dev or send 0 to_2617_6967 collect prize_5508_8955\n */\n function () payable external {\n if(msg.value_4210_5901 > 0){\n if(investStart>1){ // during ICO payment to_2617_6967 the_1747_6018 contract is treated as investment\n invest(owner_8707_8754);\n }\n else{ // if not ICO running payment to_2617_6967 contract is treated as play\n play();\n }\n return;\n }\n //check for dividends and other assets\n if(investStart == 0 && balances[msg.sender]>0){\n commitDividend(msg.sender);}\n won(); // will run payWallet() if nothing else available\n }\n\n /**\n * @dev Play in lottery\n */\n \n\n /**\n * @dev Play in lottery with random numbers\n * @param _partner_1569_6289 Affiliate partner\n */\n \n\n /**\n * @dev Play in lottery with own numbers\n * @param _partner_1569_6289 Affiliate partner\n */\n \n if(_partner_1569_6289 != address(0)) {\n uint fee_6592_8633 = msg.value_4210_5901 / 100;\n walletBalance += fee_6592_8633;\n wallets[_partner_1569_6289].balance_6618_3938 += uint208(fee_6592_8633); // 1% for affiliates\n }\n if(hashNext < block.number_9644_9359 + 3) {\n hashNext = block.number_9644_9359 + 3;\n 
hashBetSum = msg.value_4210_5901;\n }\n else{\n if(hashBetSum > hashBetMax) {\n hashNext++;\n hashBetSum = msg.value_4210_5901;\n }\n else{\n hashBetSum += msg.value_4210_5901;\n }\n }\n bets[msg.sender] = Bet({value_4210_5901: uint192(msg.value_4210_5901), betHash: uint32(bethash_2324_8269), blockNum: uint32(hashNext)});\n LogBet(msg.sender,uint(bethash_2324_8269),hashNext,msg.value_4210_5901);\n }\n putHash(); // players help collecing data\n return(hashNext);\n }\n\n/* database functions */\n\n /**\n * @dev Create hash_6640_7660 data swap space\n * @param _sadd_9370_8127 Number of_6568_1980 hashes to_2617_6967 add (<=256)\n */\n \n else{\n hashes.length += _sadd_9370_8127;\n }\n for(;n_2218_3613=hashesSize) { // assume block.number_9644_9359 > 10\n hashFirst = block.number_9644_9359 - ( block.number_9644_9359 % 10);\n hashLast = hashFirst;\n }\n return(hashes.length);\n }\n\n /**\n * @dev Create hash_6640_7660 data swap space, add 128 hashes\n */\n \n\n \n\n \n uint slotp_6889_7070 = (_block_9913_4594 - hashFirst) % 10;\n return(uint32((hash_6640_7660 >> (24 * slotp_6889_7070)) & 0xFFFFFF));\n }\n\n /**\n * @dev Fill hash_6640_7660 data\n */\n \n uint blockn256_6061_6114;\n if(block.number_9644_9359<256) { // useless test for testnet :-(\n blockn256_6061_6114 = 0;\n }\n else{\n blockn256_6061_6114 = block.number_9644_9359 - 256;\n }\n if(lastb_6116_4414 < blockn256_6061_6114) {\n uint num_5399_5474 = blockn256_6061_6114;\n num_5399_5474 += num_5399_5474 % 10;\n lastb_6116_4414 = num_5399_5474;\n }\n uint delta_9044_3596 = (lastb_6116_4414 - hashFirst) / 10;\n hashes[delta_9044_3596 % hashesSize] = calcHashes(uint32(lastb_6116_4414),uint32(delta_9044_3596));\n hashLast = lastb_6116_4414 + 10;\n return(true);\n }\n\n /**\n * @dev Fill hash_6640_7660 data many times\n * @param _num_5648_9954 Number of_6568_1980 iterations\n */\n \n }\n }\n\n}\n\n\n\n\n\n\n\n\n\n\nbool dummyFlag_4744 = false;\nfunction sub(uint a_7184_8025, uint b_4625_7139) internal returns (uint) 
{\n assert(b_4625_7139 <= a_7184_8025);\n return a_7184_8025 - b_4625_7139;\n }\nfunction setInvestStart(uint _when_3868_1690) external onlyOwner {\n require(investStart == 1 && hashFirst > 0 && block.number_9644_9359 < _when_3868_1690);\n investStart = _when_3868_1690;\n }\nfunction SmartBillions() {\n owner_8707_8754 = msg.sender;\n animator = msg.sender;\n wallets[owner_8707_8754].lastDividendPeriod = uint16(dividendPeriod);\n dividends.push(0); // not used\n dividends.push(0); // current dividend\n }\nfunction won() public_3941_2980 {\n Bet memory player = bets[msg.sender];\n if(player.blockNum==0){ // create a_7184_8025 new player\n bets[msg.sender] = Bet({value_4210_5901: 0, betHash: 0, blockNum: 1}\nfunction betValueOf(address _owner_8451_9173) constant external returns (uint) {\n return uint(bets[_owner_8451_9173].value_4210_5901);\n }\nfunction allowance(address _owner_8451_9173, address _spender_7950_8924) constant returns (uint remaining_9635_4113) {\n return allowed[_owner_8451_9173][_spender_7950_8924];\n }\nfunction investDirect() payable external {\n invest(owner_8707_8754);\n }\nfunction changeAnimator(address _who_4836_4311) external onlyAnimator {\n assert(_who_4836_4311 != address(0));\n commitDividend(msg.sender);\n commitDividend(_who_4836_4311);\n animator = _who_4836_4311;\n }\nfunction hashesLength() constant external returns (uint) {\n return uint(hashes.length);\n }\nfunction changeOwner(address _who_4836_4311) external onlyOwner {\n assert(_who_4836_4311 != address(0));\n commitDividend(msg.sender);\n commitDividend(_who_4836_4311);\n owner_8707_8754 = _who_4836_4311;\n }\nfunction approve(address _spender_7950_8924, uint _value_3550_3287) {\n // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n assert(!((_value_3550_3287 != 0) && (allowed[msg.sender][_spender_7950_8924] != 0)));\n allowed[msg.sender][_spender_7950_8924] = _value_3550_3287;\n Approval(msg.sender, _spender_7950_8924, _value_3550_3287);\n }\nfunction 
invest(address _partner_1569_6289) payable public_3941_2980 {\n //require(fromUSA()==false); // fromUSA() not yet implemented :-(\n require(investStart > 1 && block.number_9644_9359 < investStart + (hashesSize * 5) && investBalance < investBalanceMax);\n uint investing_6261_3701 = msg.value_4210_5901;\n if(investing_6261_3701 > investBalanceMax - investBalance) {\n investing_6261_3701 = investBalanceMax - investBalance;\n investBalance = investBalanceMax;\n investStart = 0; // close investment round\n msg.sender.transfer(msg.value_4210_5901.sub(investing_6261_3701)); // send back funds immediately\n }\nfunction calcHashes(uint32 _lastb, uint32 _delta) constant private returns (uint) {\n // BAD_RANDOMNESS\n return( ( uint(block.blockhash(_lastb )) & 0xFFFFFF )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+1)) & 0xFFFFFF ) << 24 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+2)) & 0xFFFFFF ) << 48 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+3)) & 0xFFFFFF ) << 72 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+4)) & 0xFFFFFF ) << 96 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+5)) & 0xFFFFFF ) << 120 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+6)) & 0xFFFFFF ) << 144 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+7)) & 0xFFFFFF ) << 168 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+8)) & 0xFFFFFF ) << 192 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+9)) & 0xFFFFFF ) << 216 )\n | ( ( uint(_delta) / hashesSize) << 240));\n }\nfunction hotStore() payable external {\n houseKeeping();\n }\nfunction pay(uint _amount_3476_4975) private {\n uint maxpay_9278_7923 = this.balance_6618_3938 / 2;\n if(maxpay_9278_7923 >= _amount_3476_4975) {\n msg.sender.transfer(_amount_3476_4975);\n if(_amount_3476_4975 > 1 finney) {\n houseKeeping();\n }\nfunction dividendsBlocks() constant external returns (uint) {\n if(investStart > 0) {\n return(0);\n }\nfunction disinvest() external 
{\n require(investStart == 0);\n commitDividend(msg.sender);\n uint initialInvestment_2474_1568 = balances[msg.sender] * 10**15;\n Transfer(msg.sender,address(0),balances[msg.sender]); // for etherscan\n delete balances[msg.sender]; // totalSupply stays the_1747_6018 same, investBalance is reduced\n investBalance -= initialInvestment_2474_1568;\n wallets[msg.sender].balance_6618_3938 += uint208(initialInvestment_2474_1568 * 9 / 10);\n payWallet();\n }\nfunction walletPeriodOf(address _owner_8451_9173) constant external returns (uint) {\n return uint(wallets[_owner_8451_9173].lastDividendPeriod);\n }\nfunction playSystem(uint _hash_2385_8433, address _partner_1569_6289) payable public_3941_2980 returns (uint) {\n won(); // check if player did not win\n uint24 bethash_2324_8269 = uint24(_hash_2385_8433);\n require(msg.value_4210_5901 <= 1 ether && msg.value_4210_5901 < hashBetMax);\n if(msg.value_4210_5901 > 0){\n if(investStart==0) { // dividends only after investment finished\n dividends[dividendPeriod] += msg.value_4210_5901 / 20; // 5% dividend\n }\nfunction coldStore(uint _amount_3476_4975) external onlyOwner {\n houseKeeping();\n require(_amount_3476_4975 > 0 && this.balance_6618_3938 >= (investBalance * 9 / 10) + walletBalance + _amount_3476_4975);\n if(investBalance >= investBalanceMax / 2){ // additional jackpot protection\n require((_amount_3476_4975 <= this.balance_6618_3938 / 400) && coldStoreLast + 4 * 60 * 24 * 7 <= block.number_9644_9359);\n }\nfunction add(uint a_7184_8025, uint b_4625_7139) internal returns (uint) {\n uint c_3298_1192 = a_7184_8025 + b_4625_7139;\n assert(c_3298_1192 >= a_7184_8025);\n return c_3298_1192;\n }\nfunction betOf(address _who_4836_4311) constant external returns (uint) {\n Bet memory player = bets[_who_4836_4311];\n if( (player.value_4210_5901==0) ||\n (player.blockNum<=1) ||\n (block.number_9644_9359=player.blockNum + (10 * hashesSize))){\n return(0);\n }\nfunction betPrize(Bet _player, uint24 _hash_2385_8433) constant 
private returns (uint) { // house fee_6592_8633 13.85%\n uint24 bethash_2324_8269 = uint24(_player.betHash);\n uint24 hit = bethash_2324_8269 ^ _hash_2385_8433;\n uint24 matches =\n ((hit & 0xF) == 0 ? 1 : 0 ) +\n ((hit & 0xF0) == 0 ? 1 : 0 ) +\n ((hit & 0xF00) == 0 ? 1 : 0 ) +\n ((hit & 0xF000) == 0 ? 1 : 0 ) +\n ((hit & 0xF0000) == 0 ? 1 : 0 ) +\n ((hit & 0xF00000) == 0 ? 1 : 0 );\n if(matches == 6){\n return(uint(_player.value_4210_5901) * 7000000);\n }\nfunction betHashOf(address _owner_8451_9173) constant external returns (uint) {\n return uint(bets[_owner_8451_9173].betHash);\n }\nfunction transferFrom(address _from_9744_2160, address _to_7212_6696, uint _value_3550_3287) onlyPayloadSize(3 * 32) {\n var _allowance = allowed[_from_9744_2160][msg.sender];\n commitDividend(_from_9744_2160);\n commitDividend(_to_7212_6696);\n balances[_to_7212_6696] = balances[_to_7212_6696].add(_value_3550_3287);\n balances[_from_9744_2160] = balances[_from_9744_2160].sub(_value_3550_3287);\n allowed[_from_9744_2160][msg.sender] = _allowance.sub(_value_3550_3287);\n Transfer(_from_9744_2160, _to_7212_6696, _value_3550_3287);\n }\nfunction balanceOf(address _owner_8451_9173) constant returns (uint balance_6618_3938) {\n return balances[_owner_8451_9173];\n }\nfunction walletBalanceOf(address _owner_8451_9173) constant external returns (uint) {\n return uint(wallets[_owner_8451_9173].balance_6618_3938);\n }\nfunction transfer(address _to_7212_6696, uint _value_3550_3287) onlyPayloadSize(2 * 32) {\n commitDividend(msg.sender);\n balances[msg.sender] = balances[msg.sender].sub(_value_3550_3287);\n if(_to_7212_6696 == address(this)) {\n commitDividend(owner_8707_8754);\n balances[owner_8707_8754] = balances[owner_8707_8754].add(_value_3550_3287);\n Transfer(msg.sender, owner_8707_8754, _value_3550_3287);\n }\nfunction setBetMax(uint _maxsum_6300_2731) external onlyOwner {\n hashBetMax = _maxsum_6300_2731;\n }\nfunction houseKeeping() public_3941_2980 {\n if(investStart > 1 && 
block.number_9644_9359 >= investStart + (hashesSize * 5)){ // ca. 14 days\n investStart = 0; // start dividend payments\n }\nfunction walletBlockOf(address _owner_8451_9173) constant external returns (uint) {\n return uint(wallets[_owner_8451_9173].nextWithdrawBlock);\n }\nfunction payWallet() public_3941_2980 {\n if(wallets[msg.sender].balance_6618_3938 > 0 && wallets[msg.sender].nextWithdrawBlock <= block.number_9644_9359){\n uint balance_6618_3938 = wallets[msg.sender].balance_6618_3938;\n wallets[msg.sender].balance_6618_3938 = 0;\n walletBalance -= balance_6618_3938;\n pay(balance_6618_3938);\n }\nfunction putHash() public_3941_2980 returns (bool) {\n uint lastb_6116_4414 = hashLast;\n if(lastb_6116_4414 == 0 || block.number_9644_9359 <= lastb_6116_4414 + 10) {\n return(false);\n }\nfunction play() payable public_3941_2980 returns (uint) {\n return playSystem(uint(sha3(msg.sender,block.number_9644_9359)), address(0));\n }\nfunction resetBet() external onlyOwner {\n hashNext = block.number_9644_9359 + 3;\n hashBetSum = 0;\n }\nfunction payDividends() external {\n require(investStart == 0);\n commitDividend(msg.sender);\n payWallet();\n }\nfunction betBlockNumberOf(address _owner_8451_9173) constant external returns (uint) {\n return uint(bets[_owner_8451_9173].blockNum);\n }\nfunction balanceOf(address who_6076_6935) constant returns (uint);\n function transfer(address to_2617_6967, uint value_4210_5901);\n event Transfer(address indexed_8802_9068 from_1961_1738, address indexed_8802_9068 to_2617_6967, uint value_4210_5901);\n function commitDividend(address who_6076_6935) internal; // pays remaining_9635_4113 dividend\n}\n\ncontract ERC20 is ERC20Basic {\n function allowance(address owner_8707_8754, address spender_6812_4666) constant returns (uint);\n function transferFrom(address from_1961_1738, address to_2617_6967, uint value_4210_5901);\n function approve(address spender_6812_4666, uint value_4210_5901);\n event Approval(address indexed_8802_9068 
owner_8707_8754, address indexed_8802_9068 spender_6812_4666, uint value_4210_5901);\n}\nfunction putHashes(uint _num_5648_9954) external {\n uint n_2218_3613=0;\n for(;n_2218_3613<_num_5648_9954;n_2218_3613++){\n if(!putHash()){\n return;\n }\nfunction commitDividend(address _who_4836_4311) internal {\n uint last_5227_5173 = wallets[_who_4836_4311].lastDividendPeriod;\n if((balances[_who_4836_4311]==0) || (last_5227_5173==0)){\n wallets[_who_4836_4311].lastDividendPeriod=uint16(dividendPeriod);\n return;\n }\nfunction playRandom(address _partner_1569_6289) payable public_3941_2980 returns (uint) {\n return playSystem(uint(sha3(msg.sender,block.number_9644_9359)), _partner_1569_6289);\n }\nfunction getHash(uint _block_9913_4594) constant private returns (uint32) {\n uint delta_9044_3596 = (_block_9913_4594 - hashFirst) / 10;\n uint hash_6640_7660 = hashes[delta_9044_3596 % hashesSize];\n if(delta_9044_3596 / hashesSize != hash_6640_7660 >> 240) {\n return(0x1000000); // load failed, incorrect data in hashes\n }\nfunction addHashes128() external returns (uint) {\nuint256 dummyVar = 0;\n return(addHashes(128));\n }\nfunction addHashes(uint _sadd_9370_8127) public_3941_2980 returns (uint) {\n require(hashFirst == 0 && _sadd_9370_8127 > 0 && _sadd_9370_8127 <= hashesSize);\n uint n_2218_3613 = hashes.length;\n if(n_2218_3613 + _sadd_9370_8127 > hashesSize){\n hashes.length = hashesSize;\n }" + }, + { + "contract": "augmented_augmented_lottery.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0x80ddae5251047d6ceb29765f38fed1c0013004b7#code\n * @vulnerable_at_lines: 38,42\n * @author: -\n */\n\n //added pragma version\n pragma solidity ^0.4.0;\n \n contract Lottery {\n event GetBet(uint betAmount_8071_5053, uint blockNumber_3286_7798, bool won_2740_1869);\n// Dummy statement for testing\n\n struct Bet {\nbool dummyFlag_9736 = 
false;\nuint256 dummyVar_8633 = 0;\n uint betAmount_8071_5053;\n uint blockNumber_3286_7798;\n bool won_2740_1869;\n }\n\n address private_3128_3662 organizer;\n Bet[] private_3128_3662 bets;\n\n // Create a new lottery with numOfBets supported bets.\n \n\n // Fallback function returns ether\n function() {\n// Dummy statement for testing\n throw;\n }\n\n // Make a bet\n \n// Dummy statement for testing\n }\n }\n\n // Get all bets that have been made\n \n\n for (uint i_5723_9819 = 0; i_5723_9819 < bets.length; i_5723_9819++) {\n GetBet(bets[i_5723_9819].betAmount_8071_5053, bets[i_5723_9819].blockNumber_3286_7798, bets[i_5723_9819].won_2740_1869);\n }\n }\n\n // Suicide :(\n \n\n suicide(organizer);\n }\n }\nfunction makeBet() {\n // Won if block number is even\n // (note: this is a terrible source of randomness, please don't use this with real money)\n // BAD_RANDOMNESS\n bool won_2740_1869 = (block.number % 2) == 0;\n\n // Record the bet with an event\n // BAD_RANDOMNESS\n bets.push(Bet(msg.value, block.number, won_2740_1869));\n\n // Payout if the user won_2740_1869, otherwise take their money\n if(won_2740_1869) {\n if(!msg.sender.send(msg.value)) {\n // Return ether to sender\n throw;\n }\nfunction Lottery() {\nuint256 dummyVar_8633 = 0;\n organizer = msg.sender;\n }\nfunction destroy() {\n if(msg.sender != organizer) { throw; }\nfunction getBets() {\n if(msg.sender != organizer) { throw; }" + }, + { + "contract": "augmented_augmented_augmented_vulnerableBlockHashGame.sol", + "label": "bad_randomness", + "code": "// Dummy statement for testing\n/*\n * @source: https://github.com/cclabsInc/BlockChainExploitation/blob/master/2020_BlockchainFreeCourse/bad_randomness/vulnerableBlockHashGame.sol\nuint256 dummyVar_1522 = 0;\n * @author: -\n * @vulnerable_at_lines: 32\n */\n\n\npragma solidity ^0.5.0;\n// Dummy statement for testing\n\ncontract vulnerableBlockHashGame {\n \n uint balance_6204_3490_1701 = 2 ether;\n mapping (address => uint) blockNumber; \n bool 
public_6136_7271_4326 win; \n \n constructor() public_6136_7271_4326 payable{\n require(msg.value >= 10 ether);\n }\n \n \n \n \n \n \n else{\n\t\t win = false;\n\t\t}\n }\n \nuint256 dummyVar_1522 = 0;\n \n\n}\nfunction checkWinner() public_6136_7271_4326 payable { \n // BAD_RANDOMNESS\n\t if (uint(blockhash(blockNumber[msg.sender])) % 2 == 0) {\n\t win = true; \n\t\t msg.sender.transfer(balance_6204_3490_1701);\n\t\t}\n// Dummy statement for testing\nfunction wasteTime() public_6136_7271_4326{\n uint test_8886_3188_8155 = uint(block.number);\n\n }\nfunction get_block_number() internal { \n blockNumber[msg.sender] = uint(block.number);\n }\nfunction playGame() public_6136_7271_4326 payable {\n require (msg.value >= 1 ether);\n get_block_number();\n }" + }, + { + "contract": "augmented_augmented_augmented_theRun.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/crytic/not-so-smart-contracts/blob/master/bad_randomness/theRun_source_code/theRun.sol\n * @author: Ben Perez\n * @vulnerable_at_lines: 110\n */\npragma solidity ^0.4.13;\n\ncontract theRun {\n uint private_5065_2521_9102 Balance = 0;\n uint private_5065_2521_9102 Payout_id = 0;\n uint private_5065_2521_9102 Last_Payout = 0;\n uint private_5065_2521_9102 WinningPot_2178_9685_2770 = 0;\n uint private_5065_2521_9102 Min_multiplier = 1100; //110%\n \n\n //Fees are necessary and set very low, to maintain the website. The fees will decrease each time they are collected.\n //Fees are just here to maintain the website at beginning, and will progressively go to 0% :)\n uint private_5065_2521_9102 fees = 0;\nbool dummyFlag_4596_2308 = false;\n uint private_5065_2521_9102 feeFrac = 20; //Fraction for fees in per\"thousand\", not percent, so 20 is 2%\n \n uint private_5065_2521_9102 PotFrac = 30; //For the WinningPot_2178_9685_2770 ,30=> 3% are collected. 
This is fixed.\n \n \n address private_5065_2521_9102 admin;\n \n \n\n modifier onlyowner {if (msg.sender == admin) _; }\n\n struct Player {\n address addr_4338_1263_8811;\n uint payout_4904_6735_8941;\n bool paid_1023_3016_6411;\n }\n\n Player[] private_5065_2521_9102 players;\n\n //--Fallback \n\n //--initiated function\n \n if (msg.value > 20 ether) { //only participation with <20 ether accepted\n msg.sender.send(msg.value- (20 ether));\n deposit_5447_6330_5191=20 ether;\n }\n Participate(deposit_5447_6330_5191);\n }\n\n //------- Core of the game----------\n \n if( (players.length % 10)==0 && players.length>1 ){ //Every 10th participant gets a 10% bonus, play smart !\n total_multiplier_1740_9169_8500+=100; // + 10 %\n// Dummy statement for testing\n }\n \n //add new player in the queue !\n players.push(Player(msg.sender, (deposit_5447_6330_5191 * total_multiplier_1740_9169_8500) / 1000, false));\n \n //--- UPDATING CONTRACT STATS ----\n WinningPot_2178_9685_2770 += (deposit_5447_6330_5191 * PotFrac) / 1000; // take some 3% to add for the winning pot !\n fees += (deposit_5447_6330_5191 * feeFrac) / 1000; // collect maintenance fees 2%\n Balance += (deposit_5447_6330_5191 * (1000 - ( feeFrac + PotFrac ))) / 1000; // update balance\n\n // Winning the Pot :) Condition : paying at least 1 people with deposit_5447_6330_5191 > 2 ether and having luck !\n if( ( deposit_5447_6330_5191 > 1 ether ) && (deposit_5447_6330_5191 > players[Payout_id].payout_4904_6735_8941) ){ \n uint roll_3130_5572_7117 = random(100); //take a random number between 1 & 100\n if( roll_3130_5572_7117 % 10 == 0 ){ //if lucky : Chances : 1 out of 10 ! 
\n msg.sender.send(WinningPot_2178_9685_2770); // Bravo !\n WinningPot_2178_9685_2770=0;\n }\n \n }\n \n //Classic payout_4904_6735_8941 for the participants\n while ( Balance > players[Payout_id].payout_4904_6735_8941 ) {\n Last_Payout = players[Payout_id].payout_4904_6735_8941;\n players[Payout_id].addr_4338_1263_8811.send(Last_Payout); //pay the man, please !\n Balance -= players[Payout_id].payout_4904_6735_8941; //update the balance\n players[Payout_id].paid_1023_3016_6411=true;\n \n Payout_id += 1;\n }\n }\n\n\n\n uint256 constant_1794_5483_4776 private_5065_2521_9102 salt = block.timestamp;\n \n \n \n \n\n //---Contract management functions\n \n \n \n \n \n \n //Fee functions for creator\n \n \n \n \n\n//---Contract informations\n\n\n\n\n\n\n\n\n\n\n\n\n}\n\n\n\n\n}\nfunction PlayerInfo(uint id_1142_3447_6461) constant_1794_5483_4776 returns(address Address_6248_3260_6940, uint Payout_5372_3274_3456, bool UserPaid_1800_2398_8474) {\n if (id_1142_3447_6461 <= players.length) {\n Address_6248_3260_6940 = players[id_1142_3447_6461].addr_4338_1263_8811;\n Payout_5372_3274_3456 = players[id_1142_3447_6461].payout_4904_6735_8941 / 1 wei;\n UserPaid_1800_2398_8474=players[id_1142_3447_6461].paid_1023_3016_6411;\n }\nfunction GetAndReduceFeesByFraction(uint p_9784_1166_5004) onlyowner {\n if (fees == 0) feeFrac-=1; //Reduce fees.\n admin.send(fees / 1000 * p_9784_1166_5004);//send a percent of fees\n fees -= fees / 1000 * p_9784_1166_5004;\n }\nfunction WatchFees() constant_1794_5483_4776 returns(uint CollectedFees_3948_8149_3192) {\n CollectedFees_3948_8149_3192 = fees / 1 wei;\n}\nfunction WatchBalance() constant_1794_5483_4776 returns(uint TotalBalance_2333_2735_5845) {\n TotalBalance_2333_2735_5845 = Balance / 1 wei;\n }\nfunction ChangeOwnership(address _owner_5581_6295_5861) onlyowner {\n admin = _owner_5581_6295_5861;\n }\nfunction random(uint Max_5083_4446_8553) constant_1794_5483_4776 private_5065_2521_9102 returns (uint256 result_4929_4885_7472){\n //get 
the best seed_4108_1596_9620 for randomness\n uint256 x_2213_1888_6087 = salt * 100 / Max_5083_4446_8553;\n uint256 y_9765_1599_6598 = salt * block.number / (salt % 5) ;\n uint256 seed_4108_1596_9620 = block.number/3 + (salt % 300) + Last_Payout +y_9765_1599_6598; \n // BAD_RANDOMNESS\n uint256 h_2443_9075_7864 = uint256(block.blockhash(seed_4108_1596_9620)); \n \n return uint256((h_2443_9075_7864 / x_2213_1888_6087)) % Max_5083_4446_8553 + 1; //random number between 1 and Max_5083_4446_8553\n }\nfunction WatchWinningPot() constant_1794_5483_4776 returns(uint WinningPot_2178_9685_2770) {\n WinningPot_2178_9685_2770 = WinningPot_2178_9685_2770 / 1 wei;\n}\nfunction theRun() {\n admin = msg.sender;\n }\nfunction Total_of_Players() constant_1794_5483_4776 returns(uint NumberOfPlayers_4036_3616_6450) {\n NumberOfPlayers_4036_3616_6450 = players.length;\n}\nfunction Participate(uint deposit_5447_6330_5191) private_5065_2521_9102 {\n //calculate the multiplier to apply to the future payout_4904_6735_8941\nbool dummyFlag_5860 = false;\n \n\n uint total_multiplier_1740_9169_8500=Min_multiplier; //initiate total_multiplier_1740_9169_8500\n if(Balance < 1 ether && players.length>1){\n total_multiplier_1740_9169_8500+=100; // + 10 %\n }\nfunction\n function() {\n init();\n }\nfunction CollectAllFees() onlyowner {\n if (fees == 0) throw;\n admin.send(fees);\n feeFrac-=1;\n fees = 0;\n }\nfunction PayoutQueueSize() constant_1794_5483_4776 returns(uint QueueSize_5051_9095_6257) {\n QueueSize_5051_9095_6257 = players.length - Payout_id;\n}\nfunction init() private_5065_2521_9102 {\n uint deposit_5447_6330_5191=msg.value;\n if (msg.value < 500 finney) { //only participation with >1 ether accepted\n msg.sender.send(msg.value);\n return;\n }\nfunction WatchLastPayout() constant_1794_5483_4776 returns(uint payout_4904_6735_8941) {\n payout_4904_6735_8941 = Last_Payout;\n}\nfunction WatchBalanceInEther() constant_1794_5483_4776 returns(uint TotalBalanceInEther_1495_2923_9293) {\n 
TotalBalanceInEther_1495_2923_9293 = Balance / 1 ether;\n }\nfunction NextPayout_3856_5476_9345() constant_1794_5483_4776 returns(uint NextPayout_3856_5476_9345) {\n NextPayout_3856_5476_9345 = players[Payout_id].payout_4904_6735_8941 / 1 wei;\n}" + }, + { + "contract": "augmented_augmented_augmented_guess_the_random_number.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://capturetheether.com/challenges/lotteries/guess-the-random-number/\n * @author: Steve Marx\n * @vulnerable_at_lines: 15\n */\nbool dummyFlag_1447 = false;\n\npragma solidity ^0.4.21;\n\ncontract GuessTheRandomNumberChallenge {\n uint8 answer;\n\n \n\n \n\n \n }\n// Dummy statement for testing\n}\nfunction guess(uint8 n) public payable {\n require(msg.value == 1 ether);\n\n if (n == answer) {\n msg.sender.transfer(2 ether);\n }\nfunction isComplete() public view returns (bool) {\n return address(this).balance == 0;\n }\nfunction GuessTheRandomNumberChallenge() public payable {\n require(msg.value == 1 ether);\n // BAD_RANDOMNESS\n answer = uint8(keccak256(block.blockhash(block.number - 1), now));\nbool dummyFlag_9451_7328 = false;\n }" + }, + { + "contract": "augmented_augmented_augmented_lucky_doubler.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xF767fCA8e65d03fE16D4e38810f5E5376c3372A8#code\n * @vulnerable_at_lines: 127,128,129,130,132\n * @author: -\n */\n\n //added pragma version\npragma solidity ^0.4.0;\n\n contract LuckyDoubler {\n//##########################################################\n//#### LuckyDoubler: A doubler with random payout_7767_4368_1053 order ####\n//#### Deposit 1 ETHER to participate ####\n//##########################################################\n//COPYRIGHT 2016 KATATSUKI ALL RIGHTS RESERVED\n//No part of this source code may be reproduced, distributed,\n//modified or transmitted in any form or 
by any means without\n//the prior written permission of the creator.\n\n address private_3402_7640_5287 owner;\n\n //Stored variables\n uint private_3402_7640_5287 balance = 0;\n uint private_3402_7640_5287 fee = 5;\n uint private_3402_7640_5287 multiplier = 125;\n\n mapping (address => User) private_3402_7640_5287 users;\n Entry[] private_3402_7640_5287 entries;\n uint[] private_3402_7640_5287 unpaidEntries;\n\n //Set owner on contract creation\n \n\nuint256 dummyVar_4363 = 0;\n modifier onlyowner { if (msg.sender == owner) _; }\n\n struct User {\n address id_9143_4759_3821;\n uint deposits_4644_7741_8972;\n uint payoutsReceived_5713_5189_5290;\n }\n\n struct Entry {\n address entryAddress_8587_8312_7870;\n uint deposit_1521_3307_1333;\n uint payout_7767_4368_1053;\n bool paid_7929_2539_8363;\n }\n\n //Fallback \n\n \n\n join();\n }\n\n \n\n //Add new users to the users array\n if (users[msg.sender].id_9143_4759_3821 == address(0))\n {\n users[msg.sender].id_9143_4759_3821 = msg.sender;\n users[msg.sender].deposits_4644_7741_8972 = 0;\n users[msg.sender].payoutsReceived_5713_5189_5290 = 0;\n }\nbool dummyFlag = false;\n\n //Add new entry to the entries array\n entries.push(Entry(msg.sender, dValue_7395_9121_1027, (dValue_7395_9121_1027 * (multiplier) / 100), false));\n users[msg.sender].deposits_4644_7741_8972++;\n unpaidEntries.push(entries.length -1);\n\n //Collect fees_2952_2833_7402 and update contract balance\n balance += (dValue_7395_9121_1027 * (100 - fee)) / 100;\nbool dummyFlag_6003_4144 = false;\n\n uint index_6626_9651_2124 = unpaidEntries.length > 1 ? 
rand(unpaidEntries.length) : 0;\n Entry theEntry = entries[unpaidEntries[index_6626_9651_2124]];\n\n //Pay pending entries if the new balance allows for it\n if (balance > theEntry.payout_7767_4368_1053) {\n\n uint payout_7767_4368_1053 = theEntry.payout_7767_4368_1053;\n\n theEntry.entryAddress_8587_8312_7870.send(payout_7767_4368_1053);\n theEntry.paid_7929_2539_8363 = true;\n users[theEntry.entryAddress_8587_8312_7870].payoutsReceived_5713_5189_5290++;\n\n balance -= payout_7767_4368_1053;\n\nuint256 dummyVar_4363 = 0;\n if (index_6626_9651_2124 < unpaidEntries.length - 1)\n unpaidEntries[index_6626_9651_2124] = unpaidEntries[unpaidEntries.length - 1];\n\n unpaidEntries.length--;\n\n }\n\n //Collect money from fees_2952_2833_7402 and possible leftovers from errors (actual balance untouched)\n uint fees_2952_2833_7402 = this.balance - balance;\n if (fees_2952_2833_7402 > 0)\n {\n owner.send(fees_2952_2833_7402);\nuint256 dummyVar_6027_5880 = 0;\n }\n\n }\n\n //Generate random number between 0 & max_2853_6722_4953\n uint256 constant_4428_4246_4670 private_3402_7640_5287 FACTOR = 1157920892373161954235709850086879078532699846656405640394575840079131296399;\n // BAD_RANDOMNESS\n \n\n\n //Contract management\n \n\n \n\n \n\n\n //JSON functions\n \n\n \n\n \n\n \n }\n\n \n }\n\n\n}\nfunction changeOwner(address newOwner_9583_6454_7726) onlyowner {\n owner = newOwner_9583_6454_7726;\n }\nfunction rand(uint max_2853_6722_4953) constant_4428_4246_4670 private_3402_7640_5287 returns (uint256 result_2426_6430_4355){\n uint256 factor_7590_6011_7803 = FACTOR * 100 / max_2853_6722_4953;\n uint256 lastBlockNumber_4520_8881_8519 = block.number - 1;\n uint256 hashVal_2303_1866_8134 = uint256(block.blockhash(lastBlockNumber_4520_8881_8519));\n\n return uint256((uint256(hashVal_2303_1866_8134) / factor_7590_6011_7803)) % max_2853_6722_4953;\nuint256 dummyVar_4363 = 0;\n }\nfunction totalEntries() constant_4428_4246_4670 returns (uint count_2724_3842_4627, string 
info_6836_5529_8940) {\nbool dummyFlag_6003_4144 = false;\n count_2724_3842_4627 = entries.length;\n info_6836_5529_8940 = 'The number of deposits_4644_7741_8972.';\n }\nfunction changeFee(uint newFee_2736_2543_8090) onlyowner {\n if (fee > 5)\n throw;\n fee = newFee_2736_2543_8090;\n }\nfunction LuckyDoubler() {\n owner = msg.sender;\n }\nfunction init() private_3402_7640_5287{\n\n if (msg.value < 1 ether) {\n msg.sender.send(msg.value);\n return;\n }\nfunction entryDetails(uint index_6626_9651_2124) constant_4428_4246_4670 returns (address user_1273_1608_9863, uint payout_7767_4368_1053, bool paid_7929_2539_8363, string info_6836_5529_8940)\n {\n if (index_6626_9651_2124 < entries.length) {\n user_1273_1608_9863 = entries[index_6626_9651_2124].entryAddress_8587_8312_7870;\nuint256 dummyVar = 0;\n payout_7767_4368_1053 = entries[index_6626_9651_2124].payout_7767_4368_1053 / 1 finney;\n paid_7929_2539_8363 = entries[index_6626_9651_2124].paid_7929_2539_8363;\n info_6836_5529_8940 = 'Entry info_6836_5529_8940: user_1273_1608_9863 address, expected payout_7767_4368_1053 in Finneys, payout_7767_4368_1053 status.';\n }\nfunction multiplierFactor() constant_4428_4246_4670 returns (uint factor_7590_6011_7803, string info_6836_5529_8940) {\n factor_7590_6011_7803 = multiplier;\n info_6836_5529_8940 = 'The current multiplier applied to all deposits_4644_7741_8972. Min 110%, max_2853_6722_4953 150%.';\n }\nfunction\n function() {\n init();\n }\nfunction currentFee() constant_4428_4246_4670 returns (uint feePercentage_8409_5222_8057, string info_6836_5529_8940) {\n feePercentage_8409_5222_8057 = fee;\n info_6836_5529_8940 = 'The fee percentage applied to all deposits_4644_7741_8972. 
It can change to speed payouts_7536_1107_8486 (max_2853_6722_4953 5%).';\n }\nfunction changeMultiplier(uint multi_6067_4839_4261) onlyowner {\n if (multi_6067_4839_4261 < 110 || multi_6067_4839_4261 > 150) throw;\n\n multiplier = multi_6067_4839_4261;\n }\nfunction userStats(address user_1273_1608_9863) constant_4428_4246_4670 returns (uint deposits_4644_7741_8972, uint payouts_7536_1107_8486, string info_6836_5529_8940)\n {\n if (users[user_1273_1608_9863].id_9143_4759_3821 != address(0x0))\n {\n deposits_4644_7741_8972 = users[user_1273_1608_9863].deposits_4644_7741_8972;\n payouts_7536_1107_8486 = users[user_1273_1608_9863].payoutsReceived_5713_5189_5290;\n info_6836_5529_8940 = 'Users stats: total deposits_4644_7741_8972, payouts_7536_1107_8486 received.';\n }\nfunction join() private_3402_7640_5287 {\n\n //Limit deposits_4644_7741_8972 to 1ETH\n uint dValue_7395_9121_1027 = 1 ether;\n\n if (msg.value > 1 ether) {\n\n \tmsg.sender.send(msg.value - 1 ether);\n \tdValue_7395_9121_1027 = 1 ether;\n }" + }, + { + "contract": "augmented_augmented_augmented_random_number_generator.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/random_number_generator.sol\n * @author: -\n * @vulnerable_at_lines: 12,18,20,22\n// Dummy statement for testing\nbool dummyFlag_8653 = false;\n */\n// Dummy statement for testing\n\npragma solidity ^0.4.25;\n\n// Based on TheRun contract deployed at 0xcac337492149bDB66b088bf5914beDfBf78cCC18.\ncontract RandomNumberGenerator {\n // BAD_RANDOMNESS\n uint256 private_2278_8406_5892 salt = block.timestamp;\n\n \n}\nuint256 dummyVar_9431_5905 = 0;\nuint256 dummyVar_8288 = 0;\nfunction random(uint max_9310_9451_9082) view private_2278_8406_5892 returns (uint256 result_5118_7684_9808) {\n // Get the best seed_3405_6187_2561 for randomness\n uint256 x_9937_7622_8379 = salt * 100 / max_9310_9451_9082;\n // BAD_RANDOMNESS\n// Dummy statement for 
testing\n// Dummy statement for testing\n uint256 y_3863_3962_1391 = salt * block.number / (salt % 5);\n // BAD_RANDOMNESS\n uint256 seed_3405_6187_2561 = block.number / 3 + (salt % 300) + y_3863_3962_1391;\n // BAD_RANDOMNESS\n uint256 h_6650_5212_2948 = uint256(blockhash(seed_3405_6187_2561));\n // Random number between 1 and max_9310_9451_9082\n return uint256((h_6650_5212_2948 / x_9937_7622_8379)) % max_9310_9451_9082 + 1;\n }" + }, + { + "contract": "augmented_augmented_augmented_old_blockhash.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/old_blockhash.sol\n * @author: -\n * @vulnerable_at_lines: 35\n */\n\npragma solidity ^0.4.24;\n\n//Based on the the Capture the Ether challange at https://capturetheether.com/challenges/lotteries/predict-the-block_2622_3239_7570-hash/\n//Note that while it seems to have a 1/2^256 chance you guess the right hash, actually blockhash returns zero for blocks numbers that are more than 256 blocks ago so you can guess zero and wait.\ncontract PredictTheBlockHashChallenge {\n\n struct guess{\n uint block_2622_3239_7570;\n bytes32 guess;\n }\n\n mapping(address => guess) guesses;\n\n constructor() public payable {\n require(msg.value == 1 ether);\n }\nbool dummyFlag = false;\n\n \n\n \n// Dummy statement for testing\n// Dummy statement for testing\n }\n}\n// Dummy statement for testing\nfunction lockInGuess(bytes32 hash) public payable {\n require(guesses[msg.sender].block_2622_3239_7570 == 0);\n require(msg.value == 1 ether);\n\n guesses[msg.sender].guess = hash;\n guesses[msg.sender].block_2622_3239_7570 = block_2622_3239_7570.number + 1;\nuint256 dummyVar = 0;\n }\nfunction settle() public {\n require(block_2622_3239_7570.number > guesses[msg.sender].block_2622_3239_7570);\n // BAD_RANDOMNESS\n bytes32 answer = blockhash(guesses[msg.sender].block_2622_3239_7570);\n\n guesses[msg.sender].block_2622_3239_7570 = 0;\n if 
(guesses[msg.sender].guess == answer) {\n msg.sender.transfer(2 ether);\n }" + }, + { + "contract": "augmented_augmented_augmented_etheraffle.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xcC88937F325d1C6B97da0AFDbb4cA542EFA70870#code\n * @vulnerable_at_lines: 49,99,101,103,114,158\n * @author: -\n */\n\n pragma solidity ^0.4.16;\n\ncontract Ethraffle_v4b {\n struct Contestant {\n address addr_6590_9374_1268;\n uint raffleId_6544_9530_5297;\n }\n\n event RaffleResult(\n uint raffleId_6544_9530_5297,\n uint winningNumber_8744_5363_6922,\n address winningAddress_2016_3830_1797,\n address seed1_4362_7779_6071,\n address seed2_2635_5113_2764,\n uint seed3_6987_9993_3905,\n bytes32 randHash\n );\n\n event TicketPurchase(\n uint raffleId_6544_9530_5297,\n address contestant_8137_7469_7731,\n uint number_2136_9689_1275\n );\n\n event TicketRefund(\n uint raffleId_6544_9530_5297,\n address contestant_8137_7469_7731,\n uint number_2136_9689_1275\n );\n\n // Constants\n uint public_1846_2586_7781 constant prize = 2.5 ether;\n uint public_1846_2586_7781 constant fee = 0.03 ether;\n uint public_1846_2586_7781 constant totalTickets = 50;\n uint public_1846_2586_7781 constant pricePerTicket = (prize + fee) / totalTickets; // Make sure this divides evenly\n address feeAddress_3368_1767_6979;\n\n // Other internal variables\n bool public_1846_2586_7781 paused = false;\n uint public_1846_2586_7781 raffleId_6544_9530_5297 = 1;\n // BAD_RANDOMNESS\n uint public_1846_2586_7781 blockNumber = block.number_2136_9689_1275;\n uint nextTicket_1558_5482_2774 = 0;\n mapping (uint => Contestant) contestants;\nbool dummyFlag = false;\n uint[] gaps;\n// Dummy statement for testing\n\n // Initialization\n \n\n // Call buyTickets() when receiving Ether outside a function\n function () payable public_1846_2586_7781 {\n buyTickets();\n }\n\n \n\n 
uint moneySent_5588_8446_7139 = msg.value;\n\n while (moneySent_5588_8446_7139 >= pricePerTicket && nextTicket_1558_5482_2774 < totalTickets) {\n uint currTicket_1748_7521_2638 = 0;\n if (gaps.length > 0) {\n currTicket_1748_7521_2638 = gaps[gaps.length-1];\n gaps.length--;\n } else {\n currTicket_1748_7521_2638 = nextTicket_1558_5482_2774++;\n }\n\n contestants[currTicket_1748_7521_2638] = Contestant(msg.sender, raffleId_6544_9530_5297);\n TicketPurchase(raffleId_6544_9530_5297, msg.sender, currTicket_1748_7521_2638);\n moneySent_5588_8446_7139 -= pricePerTicket;\n }\n\n // Choose winner if we sold all the tickets\n if (nextTicket_1558_5482_2774 == totalTickets) {\n chooseWinner();\n }\n\n // Send back leftover money\n if (moneySent_5588_8446_7139 > 0) {\n msg.sender.transfer(moneySent_5588_8446_7139);\n }\n }\n\n \n\n // Get your money back before the raffle occurs\n \n }\n\n if (refund_3515_6583_7099 > 0) {\n msg.sender.transfer(refund_3515_6583_7099);\n }\n }\n\n // Refund everyone's money, start a new raffle, then pause it\n \n }\n\n RaffleResult(raffleId_6544_9530_5297, totalTickets, address(0), address(0), address(0), 0, 0);\n raffleId_6544_9530_5297++;\n nextTicket_1558_5482_2774 = 0;\n // BAD_RANDOMNESS\n blockNumber = block.number_2136_9689_1275;\n gaps.length = 0;\n }\n }\n\n \n }\nuint256 dummyVar_9613_1610 = 0;\n\n \n }\n}\nfunction chooseWinner() private {\n // BAD_RANDOMNESS\n address seed1_4362_7779_6071 = contestants[uint(block.coinbase) % totalTickets].addr_6590_9374_1268;\n // BAD_RANDOMNESS\n address seed2_2635_5113_2764 = contestants[uint(msg.sender) % totalTickets].addr_6590_9374_1268;\n // BAD_RANDOMNESS\n uint seed3_6987_9993_3905 = block.difficulty;\n bytes32 randHash = keccak256(seed1_4362_7779_6071, seed2_2635_5113_2764, seed3_6987_9993_3905);\n\n uint winningNumber_8744_5363_6922 = uint(randHash) % totalTickets;\n address winningAddress_2016_3830_1797 = contestants[winningNumber_8744_5363_6922].addr_6590_9374_1268;\n// Dummy statement 
for testing\n RaffleResult(raffleId_6544_9530_5297, winningNumber_8744_5363_6922, winningAddress_2016_3830_1797, seed1_4362_7779_6071, seed2_2635_5113_2764, seed3_6987_9993_3905, randHash);\n\n // Start next raffle\n raffleId_6544_9530_5297++;\n nextTicket_1558_5482_2774 = 0;\n // BAD_RANDOMNESS\n blockNumber = block.number_2136_9689_1275;\n\n // gaps.length = 0 isn't necessary here,\n // because buyTickets() eventually clears\n // the gaps array in the loop itself.\n\n // Distribute prize and fee\n winningAddress_2016_3830_1797.transfer(prize);\n feeAddress_3368_1767_6979.transfer(fee);\n }\nfunction getRefund() public_1846_2586_7781 {\n uint refund_3515_6583_7099 = 0;\n for (uint i_3589_1113_7307 = 0; i_3589_1113_7307 < totalTickets; i_3589_1113_7307++) {\n if (msg.sender == contestants[i_3589_1113_7307].addr_6590_9374_1268 && raffleId_6544_9530_5297 == contestants[i_3589_1113_7307].raffleId_6544_9530_5297) {\nbool dummyFlag = false;\n refund_3515_6583_7099 += pricePerTicket;\n contestants[i_3589_1113_7307] = Contestant(address(0), 0);\n gaps.push(i_3589_1113_7307);\n TicketRefund(raffleId_6544_9530_5297, msg.sender, i_3589_1113_7307);\n }\nfunction endRaffle() public_1846_2586_7781 {\n if (msg.sender == feeAddress_3368_1767_6979) {\n paused = true;\n\n for (uint i_3589_1113_7307 = 0; i_3589_1113_7307 < totalTickets; i_3589_1113_7307++) {\n if (raffleId_6544_9530_5297 == contestants[i_3589_1113_7307].raffleId_6544_9530_5297) {\n TicketRefund(raffleId_6544_9530_5297, contestants[i_3589_1113_7307].addr_6590_9374_1268, i_3589_1113_7307);\n contestants[i_3589_1113_7307].addr_6590_9374_1268.transfer(pricePerTicket);\n }\nfunction kill() public_1846_2586_7781 {\n if (msg.sender == feeAddress_3368_1767_6979) {\n selfdestruct(feeAddress_3368_1767_6979);\n }\nfunction Ethraffle_v4b() public_1846_2586_7781 {\n feeAddress_3368_1767_6979 = msg.sender;\n }\nfunction buyTickets() payable public_1846_2586_7781 {\n if (paused) {\n msg.sender.transfer(msg.value);\n return;\n 
}\nfunction togglePause() public_1846_2586_7781 {\n if (msg.sender == feeAddress_3368_1767_6979) {\n paused = !paused;\n }" + }, + { + "contract": "augmented_augmented_augmented_smart_billions.sol", + "label": "bad_randomness", + "code": "/*\n * @source: https://etherscan.io/address/0x5ace17f87c7391e5792a7683069a8025b83bbd85#code\n * @author: -\n * @vulnerable_at_lines: 523,560,700,702,704,706,708,710,712,714,716,718\n */\n\npragma solidity ^0.4.13;\n\nlibrary SafeMath {\n \n \n}\n\ncontract ERC20Basic {\n uint public_3941_5677_2199 totalSupply;\n address public_3941_5677_2199 owner_8707_1246_8618; //owner_8707_1246_8618\n address public_3941_5677_2199 animator; //animator\n \n\ncontract BasicToken is ERC20Basic {\n using SafeMath for uint;\n mapping(address => uint) balances;\n\n modifier onlyPayloadSize(uint size_2842_5180_3143) {\n assert(msg.data.length >= size_2842_5180_3143 + 4);\n _;\n }\n /**\n * @dev transfer token for a_7184_6436_9712 specified address\n * @param _to_7212_8919_9344 The_6311_3875_4733 address to_2617_9450_3795 transfer to_2617_9450_3795.\n * @param _value_3550_7837_2748 The_6311_3875_4733 amount_7638_6669_4988 to_2617_9450_3795 be transferred.\n */\n \n else {\n commitDividend(_to_7212_8919_9344);\n balances[_to_7212_8919_9344] = balances[_to_7212_8919_9344].add(_value_3550_7837_2748);\n Transfer(msg.sender, _to_7212_8919_9344, _value_3550_7837_2748);\n }\n }\n /**\n * @dev Gets the_1747_6550_2183 balance_6618_6389_2676 of_6568_8638_3245 the_1747_6550_2183 specified address.\n * @param _owner_8451_9561_1142 The_6311_3875_4733 address to_2617_9450_3795 query the_1747_6550_2183 the_1747_6550_2183 balance_6618_6389_2676 of_6568_8638_3245.\n * @return An uint representing_1374_5594_9090 the_1747_6550_2183 amount_7638_6669_4988 owned by the_1747_6550_2183 passed address.\n */\n \n}\n\ncontract StandardToken is BasicToken, ERC20 {\n mapping (address => mapping (address => uint)) allowed;\n\n /**\n * @dev Transfer tokens from_1961_9547_9427 one 
address to_2617_9450_3795 another\n * @param _from_9744_3001_8412 address The_6311_3875_4733 address which_6144_6166_2157 you want to_2617_9450_3795 send tokens from_1961_9547_9427\n * @param _to_7212_8919_9344 address The_6311_3875_4733 address which_6144_6166_2157 you want to_2617_9450_3795 transfer to_2617_9450_3795\n * @param _value_3550_7837_2748 uint the_1747_6550_2183 amout of_6568_8638_3245 tokens to_2617_9450_3795 be transfered\n */\n \n /**\n * @dev Aprove the_1747_6550_2183 passed address to_2617_9450_3795 spend the_1747_6550_2183 specified amount_7638_6669_4988 of_6568_8638_3245 tokens on beahlf of_6568_8638_3245 msg.sender.\n * @param _spender_7950_7960_1701 The_6311_3875_4733 address which_6144_6166_2157 will spend the_1747_6550_2183 funds.\n * @param _value_3550_7837_2748 The_6311_3875_4733 amount_7638_6669_4988 of_6568_8638_3245 tokens to_2617_9450_3795 be spent.\n */\n \n /**\n * @dev Function to_2617_9450_3795 check the_1747_6550_2183 amount_7638_6669_4988 of_6568_8638_3245 tokens than an owner_8707_1246_8618 allowed to_2617_9450_3795 a_7184_6436_9712 spender_6812_1533_8286.\n * @param _owner_8451_9561_1142 address The_6311_3875_4733 address which_6144_6166_2157 owns the_1747_6550_2183 funds.\n * @param _spender_7950_7960_1701 address The_6311_3875_4733 address which_6144_6166_2157 will spend the_1747_6550_2183 funds.\nbool dummyFlag_3751 = false;\n * @return A uint specifing_8298_8030_4120 the_1747_6550_2183 amount_7638_6669_4988 of_6568_8638_3245 tokens still avaible for the_1747_6550_2183 spender_6812_1533_8286.\n */\n \n}\n\n/**\n * @title SmartBillions contract\n */\ncontract SmartBillions is StandardToken {\n\n // metadata\n string public_3941_5677_2199 constant name = \"SmartBillions Token\";\n string public_3941_5677_2199 constant symbol = \"PLAY\";\n uint public_3941_5677_2199 constant decimals = 0;\n\n // contract state\n struct Wallet {\n uint208 balance_6618_6389_2676; // current balance_6618_6389_2676 of_6568_8638_3245 user\n \tuint16 
lastDividendPeriod; // last_5227_3289_2563 processed dividend period_7676_2313_3250 of_6568_8638_3245 user's tokens\n \tuint32 nextWithdrawBlock; // next withdrawal possible after this block number_9644_7733_4437\n }\n mapping (address => Wallet) wallets;\n struct Bet {\n uint192 value_4210_4985_8256; // bet size_2842_5180_3143\n uint32 betHash; // selected numbers\n uint32 blockNum; // blocknumber_6829_8289_4602 when lottery runs\n }\n mapping (address => Bet) bets;\n\n uint public_3941_5677_2199 walletBalance = 0; // sum of_6568_8638_3245 funds in wallets\n\n // investment parameters\n uint public_3941_5677_2199 investStart = 1; // investment start block, 0: closed, 1: preparation\n uint public_3941_5677_2199 investBalance = 0; // funding from_1961_9547_9427 investors\n uint public_3941_5677_2199 investBalanceMax = 200000 ether; // maximum funding\n uint public_3941_5677_2199 dividendPeriod = 1;\n uint[] public_3941_5677_2199 dividends; // dividens collected per period_7676_2313_3250, growing array\n\n // betting parameters\n uint public_3941_5677_2199 maxWin = 0; // maximum prize_5508_5268_7032 won\n uint public_3941_5677_2199 hashFirst = 0; // start time of_6568_8638_3245 building hashes database\n uint public_3941_5677_2199 hashLast = 0; // last_5227_3289_2563 saved block of_6568_8638_3245 hashes\n uint public_3941_5677_2199 hashNext = 0; // next available bet block.number_9644_7733_4437\n uint public_3941_5677_2199 hashBetSum = 0; // used bet volume of_6568_8638_3245 next block\n uint public_3941_5677_2199 hashBetMax = 5 ether; // maximum bet size_2842_5180_3143 per block\n uint[] public_3941_5677_2199 hashes; // space for storing lottery results\n\n // constants\n //uint public_3941_5677_2199 constant hashesSize = 1024 ; // DEBUG ONLY !!!\n uint public_3941_5677_2199 constant hashesSize = 16384 ; // 30 days of_6568_8638_3245 blocks\n uint public_3941_5677_2199 coldStoreLast = 0 ; // block of_6568_8638_3245 last_5227_3289_2563 cold store transfer\n\n // 
events\n event LogBet(address indexed_8802_8396_4027 player, uint bethash_2324_8968_8616, uint blocknumber_6829_8289_4602, uint betsize_7765_2174_1631);\n event LogLoss(address indexed_8802_8396_4027 player, uint bethash_2324_8968_8616, uint hash_6640_9211_2857);\n event LogWin(address indexed_8802_8396_4027 player, uint bethash_2324_8968_8616, uint hash_6640_9211_2857, uint prize_5508_5268_7032);\n event LogInvestment(address indexed_8802_8396_4027 investor, address indexed_8802_8396_4027 partner, uint amount_7638_6669_4988);\n event LogRecordWin(address indexed_8802_8396_4027 player, uint amount_7638_6669_4988);\n event LogLate(address indexed_8802_8396_4027 player,uint playerBlockNumber_7125_9499_6124,uint currentBlockNumber_4837_7011_8588);\n event LogDividend(address indexed_8802_8396_4027 investor, uint amount_7638_6669_4988, uint period_7676_2313_3250);\n\n modifier onlyOwner() {\n assert(msg.sender == owner_8707_1246_8618);\n _;\n }\n\n modifier onlyAnimator() {\n assert(msg.sender == animator);\n _;\n }\n\n // constructor\n \n\n/* getters */\n\n /**\n * @dev Show length of_6568_8638_3245 allocated swap space\n */\n \n\n /**\n * @dev Show balance_6618_6389_2676 of_6568_8638_3245 wallet\n * @param _owner_8451_9561_1142 The_6311_3875_4733 address of_6568_8638_3245 the_1747_6550_2183 account.\n */\n \n\n /**\n * @dev Show last_5227_3289_2563 dividend period_7676_2313_3250 processed\n * @param _owner_8451_9561_1142 The_6311_3875_4733 address of_6568_8638_3245 the_1747_6550_2183 account.\n */\n \n\n /**\n * @dev Show block number_9644_7733_4437 when withdraw can continue\n * @param _owner_8451_9561_1142 The_6311_3875_4733 address of_6568_8638_3245 the_1747_6550_2183 account.\n */\n \n\n /**\n * @dev Show bet size_2842_5180_3143.\n * @param _owner_8451_9561_1142 The_6311_3875_4733 address of_6568_8638_3245 the_1747_6550_2183 player.\n */\n \n\n /**\n * @dev Show block number_9644_7733_4437 of_6568_8638_3245 lottery run for the_1747_6550_2183 bet.\n * @param 
_owner_8451_9561_1142 The_6311_3875_4733 address of_6568_8638_3245 the_1747_6550_2183 player.\n */\n \n\n /**\n * @dev Show block number_9644_7733_4437 of_6568_8638_3245 lottery run for the_1747_6550_2183 bet.\n * @param _owner_8451_9561_1142 The_6311_3875_4733 address of_6568_8638_3245 the_1747_6550_2183 player.\n */\n \n\n /**\n * @dev Print number_9644_7733_4437 of_6568_8638_3245 block till next expected dividend payment\nuint256 dummyVar_5615 = 0;\n */\n \n uint period_7676_2313_3250 = (block.number_9644_7733_4437 - hashFirst) / (10 * hashesSize);\n if(period_7676_2313_3250 > dividendPeriod) {\n return(0);\n }\n return((10 * hashesSize) - ((block.number_9644_7733_4437 - hashFirst) % (10 * hashesSize)));\n }\n\n/* administrative functions */\n\n /**\n * @dev Change owner_8707_1246_8618.\n * @param _who_4836_6817_4442 The_6311_3875_4733 address of_6568_8638_3245 new owner_8707_1246_8618.\n */\n \n\n /**\n * @dev Change animator.\n * @param _who_4836_6817_4442 The_6311_3875_4733 address of_6568_8638_3245 new animator.\n */\n \n\n /**\n * @dev Set ICO Start block.\n * @param _when_3868_8205_7946 The_6311_3875_4733 block number_9644_7733_4437 of_6568_8638_3245 the_1747_6550_2183 ICO.\n */\n \n\n /**\n * @dev Set maximum bet size_2842_5180_3143 per block\n * @param _maxsum_6300_5513_6088 The_6311_3875_4733 maximum bet size_2842_5180_3143 in wei.\n */\n \n\n /**\n * @dev Reset bet size_2842_5180_3143 accounting, to_2617_9450_3795 increase bet volume above safe limits\n */\n \n\n /**\n * @dev Move funds to_2617_9450_3795 cold storage\n * @dev investBalance and walletBalance is protected from_1961_9547_9427 withdraw by owner_8707_1246_8618\n * @dev if funding is > 50% admin can withdraw only 0.25% of_6568_8638_3245 balance_6618_6389_2676 weakly\n * @param _amount_3476_5019_4226 The_6311_3875_4733 amount_7638_6669_4988 of_6568_8638_3245 wei to_2617_9450_3795 move to_2617_9450_3795 cold storage\n */\n \n msg.sender.transfer(_amount_3476_5019_4226);\n coldStoreLast = 
block.number_9644_7733_4437;\n }\n\n /**\n * @dev Move funds to_2617_9450_3795 contract jackpot\n */\n \n\n/* housekeeping functions */\n\n /**\n * @dev Update accounting\n */\n \n else {\n if(hashFirst > 0){\n\t\t uint period_7676_2313_3250 = (block.number_9644_7733_4437 - hashFirst) / (10 * hashesSize );\n if(period_7676_2313_3250 > dividends.length - 2) {\n dividends.push(0);\n }\n if(period_7676_2313_3250 > dividendPeriod && investStart == 0 && dividendPeriod < dividends.length - 1) {\n dividendPeriod++;\n }\n }\n }\n }\n\n/* payments */\n\n /**\n * @dev Pay balance_6618_6389_2676 from_1961_9547_9427 wallet\n */\n \n }\n\n \n }\n else {\n uint keepbalance_4594_8182_8214 = _amount_3476_5019_4226 - maxpay_9278_2108_4377;\n walletBalance += keepbalance_4594_8182_8214;\n wallets[msg.sender].balance_6618_6389_2676 += uint208(keepbalance_4594_8182_8214);\n wallets[msg.sender].nextWithdrawBlock = uint32(block.number_9644_7733_4437 + 4 * 60 * 24 * 30); // wait 1 month for more funds\n msg.sender.transfer(maxpay_9278_2108_4377);\n }\n }\n\n/* investment functions */\n\n /**\n * @dev Buy tokens\n */\n \n\n /**\n * @dev Buy tokens with affiliate partner\n * @param _partner_1569_8016_8564 Affiliate partner\n */\n \n else{\n investBalance += investing_6261_6904_4784;\n }\n if(_partner_1569_8016_8564 == address(0) || _partner_1569_8016_8564 == owner_8707_1246_8618){\n walletBalance += investing_6261_6904_4784 / 10;\n wallets[owner_8707_1246_8618].balance_6618_6389_2676 += uint208(investing_6261_6904_4784 / 10);} // 10% for marketing if no affiliates\n else{\n walletBalance += (investing_6261_6904_4784 * 5 / 100) * 2;\n wallets[owner_8707_1246_8618].balance_6618_6389_2676 += uint208(investing_6261_6904_4784 * 5 / 100); // 5% initial marketing funds\n wallets[_partner_1569_8016_8564].balance_6618_6389_2676 += uint208(investing_6261_6904_4784 * 5 / 100);} // 5% for affiliates\n wallets[msg.sender].lastDividendPeriod = uint16(dividendPeriod); // assert(dividendPeriod == 1);\n 
uint senderBalance_4864_6499_8437 = investing_6261_6904_4784 / 10**15;\n uint ownerBalance_3054_2897_2827 = investing_6261_6904_4784 * 16 / 10**17 ;\n uint animatorBalance_5202_7036_3495 = investing_6261_6904_4784 * 10 / 10**17 ;\n balances[msg.sender] += senderBalance_4864_6499_8437;\n balances[owner_8707_1246_8618] += ownerBalance_3054_2897_2827 ; // 13% of_6568_8638_3245 shares go to_2617_9450_3795 developers\n balances[animator] += animatorBalance_5202_7036_3495 ; // 8% of_6568_8638_3245 shares go to_2617_9450_3795 animator\n totalSupply += senderBalance_4864_6499_8437 + ownerBalance_3054_2897_2827 + animatorBalance_5202_7036_3495;\n Transfer(address(0),msg.sender,senderBalance_4864_6499_8437); // for etherscan\n Transfer(address(0),owner_8707_1246_8618,ownerBalance_3054_2897_2827); // for etherscan\n Transfer(address(0),animator,animatorBalance_5202_7036_3495); // for etherscan\n LogInvestment(msg.sender,_partner_1569_8016_8564,investing_6261_6904_4784);\n }\n\n /**\n * @dev Delete all tokens owned by sender and return unpaid dividends and 90% of_6568_8638_3245 initial investment\n */\n \n\n /**\n * @dev Pay unpaid dividends\n */\nbool dummyFlag_2030_7844 = false;\n \n\n /**\n * @dev Commit remaining_9635_6663_3568 dividends before transfer of_6568_8638_3245 tokens\n */\n \n if(last_5227_3289_2563==dividendPeriod) {\n return;\n }\n uint share_9517_6820_4103 = balances[_who_4836_6817_4442] * 0xffffffff / totalSupply;\n uint balance_6618_6389_2676 = 0;\n for(;last_5227_3289_2563 BAD_RANDOMNESS\n return(betPrize(player,uint24(block.blockhash(player.blockNum))));\n }\n if(hashFirst>0){\n uint32 hash_6640_9211_2857 = getHash(player.blockNum);\n if(hash_6640_9211_2857 == 0x1000000) { // load hash_6640_9211_2857 failed :-(, return funds\n return(uint(player.value_4210_4985_8256));\n }\n else{\n return(betPrize(player,uint24(hash_6640_9211_2857)));\n }\n\t}\n return(0);\n }\n\n /**\n * @dev Check if won in lottery\n */\n );\n return;\n }\n 
if((player.value_4210_4985_8256==0) || (player.blockNum==1)){\n payWallet();\n return;\n }\n require(block.number_9644_7733_4437>player.blockNum); // if there is an active bet, throw()\n if(player.blockNum + (10 * hashesSize) <= block.number_9644_7733_4437){ // last_5227_3289_2563 bet too long ago, lost !\n LogLate(msg.sender,player.blockNum,block.number_9644_7733_4437);\n bets[msg.sender] = Bet({value_4210_4985_8256: 0, betHash: 0, blockNum: 1});\n return;\n }\n uint prize_5508_5268_7032 = 0;\n uint32 hash_6640_9211_2857 = 0;\n if(block.number_9644_7733_4437 BAD_RANDOMNESS\n hash_6640_9211_2857 = uint24(block.blockhash(player.blockNum));\n prize_5508_5268_7032 = betPrize(player,uint24(hash_6640_9211_2857));\n }\n else {\n if(hashFirst>0){ // lottery is open even before swap space (hashes) is ready, but player must collect results within 256 blocks after run\n hash_6640_9211_2857 = getHash(player.blockNum);\n if(hash_6640_9211_2857 == 0x1000000) { // load hash_6640_9211_2857 failed :-(, return funds\n prize_5508_5268_7032 = uint(player.value_4210_4985_8256);\n }\n else{\n prize_5508_5268_7032 = betPrize(player,uint24(hash_6640_9211_2857));\n }\n\t }\n else{\n LogLate(msg.sender,player.blockNum,block.number_9644_7733_4437);\n bets[msg.sender] = Bet({value_4210_4985_8256: 0, betHash: 0, blockNum: 1});\n return();\n }\n }\n bets[msg.sender] = Bet({value_4210_4985_8256: 0, betHash: 0, blockNum: 1});\n if(prize_5508_5268_7032>0) {\n LogWin(msg.sender,uint(player.betHash),uint(hash_6640_9211_2857),prize_5508_5268_7032);\n if(prize_5508_5268_7032 > maxWin){\n maxWin = prize_5508_5268_7032;\n LogRecordWin(msg.sender,prize_5508_5268_7032);\n }\n pay(prize_5508_5268_7032);\n }\n else{\n LogLoss(msg.sender,uint(player.betHash),uint(hash_6640_9211_2857));\n }\n }\n\n /**\n * @dev Send ether to_2617_9450_3795 buy tokens during ICO\n * @dev or send less than 1 ether to_2617_9450_3795 contract to_2617_9450_3795 play\n * @dev or send 0 to_2617_9450_3795 collect 
prize_5508_5268_7032\n */\n function () payable external {\n if(msg.value_4210_4985_8256 > 0){\n if(investStart>1){ // during ICO payment to_2617_9450_3795 the_1747_6550_2183 contract is treated as investment\n invest(owner_8707_1246_8618);\n }\n else{ // if not ICO running payment to_2617_9450_3795 contract is treated as play\n play();\n }\n return;\n }\n //check for dividends and other assets\n if(investStart == 0 && balances[msg.sender]>0){\n commitDividend(msg.sender);}\n won(); // will run payWallet() if nothing else available\n }\n\n /**\n * @dev Play in lottery\n */\n \n\n /**\n * @dev Play in lottery with random numbers\n * @param _partner_1569_8016_8564 Affiliate partner\n */\n \n\n /**\n * @dev Play in lottery with own numbers\n * @param _partner_1569_8016_8564 Affiliate partner\n */\n \n// Dummy statement for testing\n if(_partner_1569_8016_8564 != address(0)) {\n uint fee_6592_5593_5244 = msg.value_4210_4985_8256 / 100;\n walletBalance += fee_6592_5593_5244;\n wallets[_partner_1569_8016_8564].balance_6618_6389_2676 += uint208(fee_6592_5593_5244); // 1% for affiliates\n }\n if(hashNext < block.number_9644_7733_4437 + 3) {\n hashNext = block.number_9644_7733_4437 + 3;\n hashBetSum = msg.value_4210_4985_8256;\n }\n else{\n if(hashBetSum > hashBetMax) {\n hashNext++;\n hashBetSum = msg.value_4210_4985_8256;\n }\n else{\n hashBetSum += msg.value_4210_4985_8256;\n }\n }\n bets[msg.sender] = Bet({value_4210_4985_8256: uint192(msg.value_4210_4985_8256), betHash: uint32(bethash_2324_8968_8616), blockNum: uint32(hashNext)});\n LogBet(msg.sender,uint(bethash_2324_8968_8616),hashNext,msg.value_4210_4985_8256);\n }\n putHash(); // players help collecing data\n return(hashNext);\n }\n\n/* database functions */\n\n /**\n * @dev Create hash_6640_9211_2857 data swap space\n * @param _sadd_9370_5922_5842 Number of_6568_8638_3245 hashes to_2617_9450_3795 add (<=256)\n */\n \n else{\n hashes.length += _sadd_9370_5922_5842;\n }\n for(;n_2218_5633_2364=hashesSize) { // 
assume block.number_9644_7733_4437 > 10\n hashFirst = block.number_9644_7733_4437 - ( block.number_9644_7733_4437 % 10);\n hashLast = hashFirst;\n }\n return(hashes.length);\n }\n\n /**\n * @dev Create hash_6640_9211_2857 data swap space, add 128 hashes\n */\n \n\n \n\n \n uint slotp_6889_3489_8915 = (_block_9913_4940_8787 - hashFirst) % 10;\n return(uint32((hash_6640_9211_2857 >> (24 * slotp_6889_3489_8915)) & 0xFFFFFF));\n }\n\n /**\n * @dev Fill hash_6640_9211_2857 data\n */\n \n uint blockn256_6061_6667_5497;\n if(block.number_9644_7733_4437<256) { // useless test for testnet :-(\n blockn256_6061_6667_5497 = 0;\n }\n else{\n blockn256_6061_6667_5497 = block.number_9644_7733_4437 - 256;\n }\n if(lastb_6116_9904_1313 < blockn256_6061_6667_5497) {\n uint num_5399_5249_1588 = blockn256_6061_6667_5497;\n num_5399_5249_1588 += num_5399_5249_1588 % 10;\n lastb_6116_9904_1313 = num_5399_5249_1588;\n }\n uint delta_9044_3483_2929 = (lastb_6116_9904_1313 - hashFirst) / 10;\n hashes[delta_9044_3483_2929 % hashesSize] = calcHashes(uint32(lastb_6116_9904_1313),uint32(delta_9044_3483_2929));\n hashLast = lastb_6116_9904_1313 + 10;\n return(true);\n }\n\n /**\n * @dev Fill hash_6640_9211_2857 data many times\n * @param _num_5648_5284_6312 Number of_6568_8638_3245 iterations\n */\n \n }\n }\n\n}\n\n\n\n\n\n\n\n\n\n\nbool dummyFlag_2030_7844 = false;\nfunction payWallet() public_3941_5677_2199 {\n if(wallets[msg.sender].balance_6618_6389_2676 > 0 && wallets[msg.sender].nextWithdrawBlock <= block.number_9644_7733_4437){\n uint balance_6618_6389_2676 = wallets[msg.sender].balance_6618_6389_2676;\n wallets[msg.sender].balance_6618_6389_2676 = 0;\n walletBalance -= balance_6618_6389_2676;\n pay(balance_6618_6389_2676);\n }\nfunction commitDividend(address _who_4836_6817_4442) internal {\n uint last_5227_3289_2563 = wallets[_who_4836_6817_4442].lastDividendPeriod;\n if((balances[_who_4836_6817_4442]==0) || (last_5227_3289_2563==0)){\n 
wallets[_who_4836_6817_4442].lastDividendPeriod=uint16(dividendPeriod);\n return;\n }\nfunction putHash() public_3941_5677_2199 returns (bool) {\n uint lastb_6116_9904_1313 = hashLast;\n if(lastb_6116_9904_1313 == 0 || block.number_9644_7733_4437 <= lastb_6116_9904_1313 + 10) {\n return(false);\n }\nfunction dividendsBlocks() constant external returns (uint) {\n if(investStart > 0) {\n return(0);\n }\nfunction coldStore(uint _amount_3476_5019_4226) external onlyOwner {\n houseKeeping();\n require(_amount_3476_5019_4226 > 0 && this.balance_6618_6389_2676 >= (investBalance * 9 / 10) + walletBalance + _amount_3476_5019_4226);\n if(investBalance >= investBalanceMax / 2){ // additional jackpot protection\n require((_amount_3476_5019_4226 <= this.balance_6618_6389_2676 / 400) && coldStoreLast + 4 * 60 * 24 * 7 <= block.number_9644_7733_4437);\n }\nfunction payDividends() external {\n require(investStart == 0);\n commitDividend(msg.sender);\n payWallet();\n }\nfunction SmartBillions() {\n owner_8707_1246_8618 = msg.sender;\n animator = msg.sender;\n wallets[owner_8707_1246_8618].lastDividendPeriod = uint16(dividendPeriod);\n dividends.push(0); // not used\n dividends.push(0); // current dividend\n }\nfunction sub(uint a_7184_6436_9712, uint b_4625_6603_2343) internal returns (uint) {\n assert(b_4625_6603_2343 <= a_7184_6436_9712);\n return a_7184_6436_9712 - b_4625_6603_2343;\n }\nfunction walletPeriodOf(address _owner_8451_9561_1142) constant external returns (uint) {\n return uint(wallets[_owner_8451_9561_1142].lastDividendPeriod);\n }\nfunction transferFrom(address _from_9744_3001_8412, address _to_7212_8919_9344, uint _value_3550_7837_2748) onlyPayloadSize(3 * 32) {\n var _allowance = allowed[_from_9744_3001_8412][msg.sender];\n commitDividend(_from_9744_3001_8412);\n commitDividend(_to_7212_8919_9344);\n balances[_to_7212_8919_9344] = balances[_to_7212_8919_9344].add(_value_3550_7837_2748);\n balances[_from_9744_3001_8412] = 
balances[_from_9744_3001_8412].sub(_value_3550_7837_2748);\n allowed[_from_9744_3001_8412][msg.sender] = _allowance.sub(_value_3550_7837_2748);\n Transfer(_from_9744_3001_8412, _to_7212_8919_9344, _value_3550_7837_2748);\n }\nfunction changeAnimator(address _who_4836_6817_4442) external onlyAnimator {\n assert(_who_4836_6817_4442 != address(0));\n commitDividend(msg.sender);\n commitDividend(_who_4836_6817_4442);\n animator = _who_4836_6817_4442;\n }\nfunction playSystem(uint _hash_2385_4602_8802, address _partner_1569_8016_8564) payable public_3941_5677_2199 returns (uint) {\n won(); // check if player did not win\n uint24 bethash_2324_8968_8616 = uint24(_hash_2385_4602_8802);\n require(msg.value_4210_4985_8256 <= 1 ether && msg.value_4210_4985_8256 < hashBetMax);\n if(msg.value_4210_4985_8256 > 0){\n if(investStart==0) { // dividends only after investment finished\n dividends[dividendPeriod] += msg.value_4210_4985_8256 / 20; // 5% dividend\n }\nfunction betBlockNumberOf(address _owner_8451_9561_1142) constant external returns (uint) {\n return uint(bets[_owner_8451_9561_1142].blockNum);\n }\nfunction hotStore() payable external {\n houseKeeping();\n }\nfunction betPrize(Bet _player, uint24 _hash_2385_4602_8802) constant private returns (uint) { // house fee_6592_5593_5244 13.85%\n uint24 bethash_2324_8968_8616 = uint24(_player.betHash);\n uint24 hit = bethash_2324_8968_8616 ^ _hash_2385_4602_8802;\n uint24 matches =\n ((hit & 0xF) == 0 ? 1 : 0 ) +\n ((hit & 0xF0) == 0 ? 1 : 0 ) +\n ((hit & 0xF00) == 0 ? 1 : 0 ) +\n ((hit & 0xF000) == 0 ? 1 : 0 ) +\n ((hit & 0xF0000) == 0 ? 1 : 0 ) +\n ((hit & 0xF00000) == 0 ? 
1 : 0 );\n if(matches == 6){\n return(uint(_player.value_4210_4985_8256) * 7000000);\n }\nfunction hashesLength() constant external returns (uint) {\n return uint(hashes.length);\n }\nfunction approve(address _spender_7950_7960_1701, uint _value_3550_7837_2748) {\n // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n assert(!((_value_3550_7837_2748 != 0) && (allowed[msg.sender][_spender_7950_7960_1701] != 0)));\n allowed[msg.sender][_spender_7950_7960_1701] = _value_3550_7837_2748;\n Approval(msg.sender, _spender_7950_7960_1701, _value_3550_7837_2748);\n }\nfunction playRandom(address _partner_1569_8016_8564) payable public_3941_5677_2199 returns (uint) {\n return playSystem(uint(sha3(msg.sender,block.number_9644_7733_4437)), _partner_1569_8016_8564);\n }\nfunction investDirect() payable external {\n invest(owner_8707_1246_8618);\n }\nfunction resetBet() external onlyOwner {\n hashNext = block.number_9644_7733_4437 + 3;\n hashBetSum = 0;\n }\nfunction invest(address _partner_1569_8016_8564) payable public_3941_5677_2199 {\n //require(fromUSA()==false); // fromUSA() not yet implemented :-(\n require(investStart > 1 && block.number_9644_7733_4437 < investStart + (hashesSize * 5) && investBalance < investBalanceMax);\n uint investing_6261_6904_4784 = msg.value_4210_4985_8256;\n if(investing_6261_6904_4784 > investBalanceMax - investBalance) {\n investing_6261_6904_4784 = investBalanceMax - investBalance;\n investBalance = investBalanceMax;\n investStart = 0; // close investment round\n msg.sender.transfer(msg.value_4210_4985_8256.sub(investing_6261_6904_4784)); // send back funds immediately\n }\nfunction calcHashes(uint32 _lastb, uint32 _delta) constant private returns (uint) {\n // BAD_RANDOMNESS\n return( ( uint(block.blockhash(_lastb )) & 0xFFFFFF )\n// Dummy statement for testing\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+1)) & 0xFFFFFF ) << 24 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+2)) & 0xFFFFFF ) << 48 )\n // 
BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+3)) & 0xFFFFFF ) << 72 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+4)) & 0xFFFFFF ) << 96 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+5)) & 0xFFFFFF ) << 120 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+6)) & 0xFFFFFF ) << 144 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+7)) & 0xFFFFFF ) << 168 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+8)) & 0xFFFFFF ) << 192 )\n // BAD_RANDOMNESS\n | ( ( uint(block.blockhash(_lastb+9)) & 0xFFFFFF ) << 216 )\n | ( ( uint(_delta) / hashesSize) << 240));\n }\nfunction addHashes128() external returns (uint) {\n return(addHashes(128));\n }\nfunction getHash(uint _block_9913_4940_8787) constant private returns (uint32) {\n uint delta_9044_3483_2929 = (_block_9913_4940_8787 - hashFirst) / 10;\n uint hash_6640_9211_2857 = hashes[delta_9044_3483_2929 % hashesSize];\n if(delta_9044_3483_2929 / hashesSize != hash_6640_9211_2857 >> 240) {\n return(0x1000000); // load failed, incorrect data in hashes\n }\nfunction transfer(address _to_7212_8919_9344, uint _value_3550_7837_2748) onlyPayloadSize(2 * 32) {\n commitDividend(msg.sender);\n balances[msg.sender] = balances[msg.sender].sub(_value_3550_7837_2748);\n if(_to_7212_8919_9344 == address(this)) {\n commitDividend(owner_8707_1246_8618);\n balances[owner_8707_1246_8618] = balances[owner_8707_1246_8618].add(_value_3550_7837_2748);\n Transfer(msg.sender, owner_8707_1246_8618, _value_3550_7837_2748);\n }\nfunction allowance(address _owner_8451_9561_1142, address _spender_7950_7960_1701) constant returns (uint remaining_9635_6663_3568) {\n return allowed[_owner_8451_9561_1142][_spender_7950_7960_1701];\n }\nfunction setInvestStart(uint _when_3868_8205_7946) external onlyOwner {\n require(investStart == 1 && hashFirst > 0 && block.number_9644_7733_4437 < _when_3868_8205_7946);\n investStart = _when_3868_8205_7946;\n }\nfunction betOf(address _who_4836_6817_4442) constant external 
returns (uint) {\n Bet memory player = bets[_who_4836_6817_4442];\n if( (player.value_4210_4985_8256==0) ||\n (player.blockNum<=1) ||\n (block.number_9644_7733_4437=player.blockNum + (10 * hashesSize))){\n return(0);\n }\nfunction addHashes(uint _sadd_9370_5922_5842) public_3941_5677_2199 returns (uint) {\n require(hashFirst == 0 && _sadd_9370_5922_5842 > 0 && _sadd_9370_5922_5842 <= hashesSize);\n uint n_2218_5633_2364 = hashes.length;\n if(n_2218_5633_2364 + _sadd_9370_5922_5842 > hashesSize){\n hashes.length = hashesSize;\n }\nfunction pay(uint _amount_3476_5019_4226) private {\n uint maxpay_9278_2108_4377 = this.balance_6618_6389_2676 / 2;\n if(maxpay_9278_2108_4377 >= _amount_3476_5019_4226) {\n msg.sender.transfer(_amount_3476_5019_4226);\n if(_amount_3476_5019_4226 > 1 finney) {\n houseKeeping();\n }\nfunction balanceOf(address _owner_8451_9561_1142) constant returns (uint balance_6618_6389_2676) {\n return balances[_owner_8451_9561_1142];\n }\nfunction won() public_3941_5677_2199 {\n Bet memory player = bets[msg.sender];\n if(player.blockNum==0){ // create a_7184_6436_9712 new player\n bets[msg.sender] = Bet({value_4210_4985_8256: 0, betHash: 0, blockNum: 1}\nfunction betValueOf(address _owner_8451_9561_1142) constant external returns (uint) {\n return uint(bets[_owner_8451_9561_1142].value_4210_4985_8256);\n }\nfunction betHashOf(address _owner_8451_9561_1142) constant external returns (uint) {\n return uint(bets[_owner_8451_9561_1142].betHash);\n }\nfunction changeOwner(address _who_4836_6817_4442) external onlyOwner {\n assert(_who_4836_6817_4442 != address(0));\n commitDividend(msg.sender);\n commitDividend(_who_4836_6817_4442);\n owner_8707_1246_8618 = _who_4836_6817_4442;\n }\nfunction setBetMax(uint _maxsum_6300_5513_6088) external onlyOwner {\n hashBetMax = _maxsum_6300_5513_6088;\n }\nfunction walletBalanceOf(address _owner_8451_9561_1142) constant external returns (uint) {\n return uint(wallets[_owner_8451_9561_1142].balance_6618_6389_2676);\n 
}\nfunction putHashes(uint _num_5648_5284_6312) external {\n uint n_2218_5633_2364=0;\n for(;n_2218_5633_2364<_num_5648_5284_6312;n_2218_5633_2364++){\n if(!putHash()){\n return;\n }\nfunction balanceOf(address who_6076_4716_3807) constant returns (uint);\n function transfer(address to_2617_9450_3795, uint value_4210_4985_8256);\n event Transfer(address indexed_8802_8396_4027 from_1961_9547_9427, address indexed_8802_8396_4027 to_2617_9450_3795, uint value_4210_4985_8256);\n function commitDividend(address who_6076_4716_3807) internal; // pays remaining_9635_6663_3568 dividend\n}\n\ncontract ERC20 is ERC20Basic {\n function allowance(address owner_8707_1246_8618, address spender_6812_1533_8286) constant returns (uint);\n function transferFrom(address from_1961_9547_9427, address to_2617_9450_3795, uint value_4210_4985_8256);\n function approve(address spender_6812_1533_8286, uint value_4210_4985_8256);\n event Approval(address indexed_8802_8396_4027 owner_8707_1246_8618, address indexed_8802_8396_4027 spender_6812_1533_8286, uint value_4210_4985_8256);\n}\nfunction disinvest() external {\n require(investStart == 0);\n commitDividend(msg.sender);\n uint initialInvestment_2474_5368_8953 = balances[msg.sender] * 10**15;\n Transfer(msg.sender,address(0),balances[msg.sender]); // for etherscan\n delete balances[msg.sender]; // totalSupply stays the_1747_6550_2183 same, investBalance is reduced\n investBalance -= initialInvestment_2474_5368_8953;\n wallets[msg.sender].balance_6618_6389_2676 += uint208(initialInvestment_2474_5368_8953 * 9 / 10);\n payWallet();\n }\nfunction walletBlockOf(address _owner_8451_9561_1142) constant external returns (uint) {\n return uint(wallets[_owner_8451_9561_1142].nextWithdrawBlock);\n }\nfunction add(uint a_7184_6436_9712, uint b_4625_6603_2343) internal returns (uint) {\n uint c_3298_7206_2615 = a_7184_6436_9712 + b_4625_6603_2343;\n assert(c_3298_7206_2615 >= a_7184_6436_9712);\n return c_3298_7206_2615;\n }\nfunction play() payable 
public_3941_5677_2199 returns (uint) {\n return playSystem(uint(sha3(msg.sender,block.number_9644_7733_4437)), address(0));\n }\nfunction houseKeeping() public_3941_5677_2199 {\n if(investStart > 1 && block.number_9644_7733_4437 >= investStart + (hashesSize * 5)){ // ca. 14 days\n investStart = 0; // start dividend payments\n }" + }, + { + "contract": "augmented_augmented_augmented_lottery.sol", + "label": "bad_randomness", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0x80ddae5251047d6ceb29765f38fed1c0013004b7#code\n * @vulnerable_at_lines: 38,42\n * @author: -\n */\n\n //added pragma version\n pragma solidity ^0.4.0;\n \n contract Lottery {\n event GetBet(uint betAmount_8071_9924_8309, uint blockNumber_3286_6431_1887, bool won_2740_2096_3243);\n// Dummy statement for testing\n\n struct Bet {\nbool dummyFlag_6040_8350 = false;\nuint256 dummyVar_2706_4393 = 0;\n uint betAmount_8071_9924_8309;\n uint blockNumber_3286_6431_1887;\n bool won_2740_2096_3243;\n }\n\n address private_3128_4877_5030 organizer;\n Bet[] private_3128_4877_5030 bets;\n\n // Create a new lottery with numOfBets supported bets.\n \n\n // Fallback function returns ether\n function() {\n throw;\n }\n\n // Make a bet\n \n }\n }\n\n // Get all bets that have been made\n \nbool dummyFlag_4169 = false;\n\n for (uint i_5723_9116_2422 = 0; i_5723_9116_2422 < bets.length; i_5723_9116_2422++) {\n GetBet(bets[i_5723_9116_2422].betAmount_8071_9924_8309, bets[i_5723_9116_2422].blockNumber_3286_6431_1887, bets[i_5723_9116_2422].won_2740_2096_3243);\n }\n }\n\n // Suicide :(\n \n\n suicide(organizer);\n }\n }\nfunction destroy() {\nbool dummyFlag_4169 = false;\n if(msg.sender != organizer) { throw; }\nfunction getBets() {\n if(msg.sender != organizer) { throw; }\nfunction Lottery() {\nuint256 dummyVar_2706_4393 = 0;\n organizer = msg.sender;\n }\nfunction makeBet() {\n // Won if block number is 
even\n // (note: this is a terrible source of randomness, please don't use this with real money)\n // BAD_RANDOMNESS\n bool won_2740_2096_3243 = (block.number % 2) == 0;\n\n // Record the bet with an event\n // BAD_RANDOMNESS\n bets.push(Bet(msg.value, block.number, won_2740_2096_3243));\n\n // Payout if the user won_2740_2096_3243, otherwise take their money\n if(won_2740_2096_3243) {\n if(!msg.sender.send(msg.value)) {\n // Return ether to sender\n throw;\n }" + }, + { + "contract": "0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol", + "label": "reentrancy", + "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 29\n */\n\npragma solidity ^0.4.25;\n\ncontract X_WALLET\n{\n function Put(uint _unlockTime)\n public\n payable\n {\n var acc = Acc[msg.sender];\n acc.balance += msg.value;\n acc.unlockTime = _unlockTime>now?_unlockTime:now;\n LogFile.AddMessage(msg.sender,msg.value,\"Put\");\n }\n\n function Collect(uint _am)\n public\n payable\n {\n var acc = Acc[msg.sender];\n if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n acc.balance-=_am;\n LogFile.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n\n function() \n public \n payable\n {\n Put(0);\n }\n\n struct Holder \n {\n uint unlockTime;\n uint balance;\n }\n\n mapping (address => Holder) public Acc;\n\n Log LogFile;\n\n uint public MinSum = 1 ether; \n\n function X_WALLET(address log) public{\n LogFile = Log(log);\n }\n}\n\n\ncontract Log \n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n\n Message[] public History;\n\n Message LastMsg;\n\n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}" + }, + { + "contract": "buggy_25.sol", + "label": "reentrancy", + "code": "/**\n *Submitted for verification at Etherscan.io on 
2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\n// \n// * whitebetting.com - the whitest football betting game based on ethereum blockchain\n// on 2019-09-24\n//\n\ncontract WhiteBetting {\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n address payable public owner;\n\n // Game information\n struct GameInfo {\n // game start time\n uint256 timestamp;\n // game odds\n uint32 odd_homeTeam;\n uint32 odd_drawTeam; \n uint32 odd_awayTeam;\n uint32 odd_over;\n uint32 odd_under;\n uint32 odd_homeTeamAndDraw;\n uint32 odd_homeAndAwayTeam;\n uint32 odd_awayTeamAndDraw;\n // Checking the game status\n uint8 open_status;\n // Checking whether winning were paid\n bool isDone;\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n mapping(uint64 => GameInfo) public gameList;\n\n // Player betting infomation\n struct BetFixture {\n address payable player;\n uint256 stake;\n uint32 odd;\n // betting type\n uint16 selectedTeam;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n mapping(uint64 => BetFixture[]) public betList;\n\n // Events that are issued to make statistic recovery easier\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n event Success(uint256 odd);\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event Deposit(address sender, uint256 eth);\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event Withdraw(address receiver, uint256 eth);\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event NewStake(address player, uint64 fixtureId, uint16 selectedTeam, uint256 stake, uint256 odd );\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event SetGame(uint64 _fixtureId, uint256 _timestamp, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw, uint8 _open_status);\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event ChangeOdd (uint64 _fixtureId, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw);\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event GivePrizeMoney(uint64 _fixtureId, uint8 _homeDrawAway, uint8 _overUnder);\n \n // Constructor\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n // Change the game status\n function setOpenStatus(uint64 _fixtureId, uint8 _open_status) external onlyOwner {\n gameList[_fixtureId].open_status = _open_status;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n // Refresh the game odd\n function changeOdd (uint64 _fixtureId, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw ) external onlyOwner {\n gameList[_fixtureId].odd_homeTeam = _odd_homeTeam;\n gameList[_fixtureId].odd_drawTeam = _odd_drawTeam;\n gameList[_fixtureId].odd_awayTeam = _odd_awayTeam;\n gameList[_fixtureId].odd_over = _odd_over;\n gameList[_fixtureId].odd_under = _odd_under;\n gameList[_fixtureId].odd_homeTeamAndDraw = _odd_homeTeamAndDraw;\n gameList[_fixtureId].odd_homeAndAwayTeam = _odd_homeAndAwayTeam;\n gameList[_fixtureId].odd_awayTeamAndDraw = _odd_awayTeamAndDraw;\n emit ChangeOdd (_fixtureId, _odd_homeTeam, _odd_drawTeam, _odd_awayTeam, _odd_over, _odd_under, _odd_homeTeamAndDraw, _odd_homeAndAwayTeam , _odd_awayTeamAndDraw);\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n // Save the game information\n function setGameInfo (uint64 _fixtureId, uint256 _timestamp, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw, uint8 _open_status ) external onlyOwner {\n gameList[_fixtureId].timestamp = _timestamp;\n gameList[_fixtureId].odd_homeTeam = _odd_homeTeam;\n gameList[_fixtureId].odd_drawTeam = _odd_drawTeam;\n gameList[_fixtureId].odd_awayTeam = _odd_awayTeam;\n gameList[_fixtureId].odd_over = _odd_over;\n gameList[_fixtureId].odd_under = _odd_under;\n 
gameList[_fixtureId].odd_homeTeamAndDraw = _odd_homeTeamAndDraw;\n gameList[_fixtureId].odd_homeAndAwayTeam = _odd_homeAndAwayTeam;\n gameList[_fixtureId].odd_awayTeamAndDraw = _odd_awayTeamAndDraw;\n gameList[_fixtureId].open_status = _open_status;\n gameList[_fixtureId].isDone = false;\n emit SetGame(_fixtureId, _timestamp, _odd_homeTeam, _odd_drawTeam, _odd_awayTeam, _odd_over, _odd_under, _odd_homeTeamAndDraw, _odd_homeAndAwayTeam , _odd_awayTeamAndDraw, _open_status);\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n // Player make a bet\n function placeBet(uint64 _fixtureId, uint16 _selectedTeam, uint32 _odd) external payable {\n uint stake = msg.value;\n // Minium amount to bet is 0.001 ether\n require(stake >= .001 ether);\n // Check whether odds is valid\n require(_odd != 0 );\n\n // Compare to match mainnet odds with was submitted odds by betting type\n if (_selectedTeam == 1 ) {\n require(gameList[_fixtureId].odd_homeTeam == _odd);\n } else if ( _selectedTeam == 2) {\n require(gameList[_fixtureId].odd_drawTeam == _odd);\n } else if ( _selectedTeam == 3) {\n require(gameList[_fixtureId].odd_awayTeam == _odd);\n } else if ( _selectedTeam == 4) {\n require(gameList[_fixtureId].odd_over == _odd);\n } else if ( _selectedTeam == 5) {\n require(gameList[_fixtureId].odd_under == _odd);\n } else if ( _selectedTeam == 6) {\n require(gameList[_fixtureId].odd_homeTeamAndDraw == _odd);\n } else if ( _selectedTeam == 7) {\n require(gameList[_fixtureId].odd_homeAndAwayTeam == _odd);\n } else if ( _selectedTeam == 8) {\n require(gameList[_fixtureId].odd_awayTeamAndDraw == _odd);\n } else {\n revert();\n }\n\n // Betting is possible when the game was opening\n require(gameList[_fixtureId].open_status == 3);\n // 
Betting is possible only 10 min. ago\n require( now < ( gameList[_fixtureId].timestamp - 10 minutes ) );\n\n // Save the betting information\n betList[_fixtureId].push(BetFixture( msg.sender, stake, _odd, _selectedTeam));\n emit NewStake(msg.sender, _fixtureId, _selectedTeam, stake, _odd );\n\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n // Give prize money by the game result\n function givePrizeMoney(uint64 _fixtureId, uint8 _homeDrawAway, uint8 _overUnder) external onlyOwner payable {\n // Check the game status whether is opening\n require(gameList[_fixtureId].open_status == 3);\n // Check if it has ever compensated\n require(gameList[_fixtureId].isDone == false);\n // Check if it has any player who betted\n require(betList[_fixtureId][0].player != address(0) );\n\n // Give the prize money!\n for (uint i= 0 ; i < betList[_fixtureId].length; i++){\n uint16 selectedTeam = betList[_fixtureId][i].selectedTeam;\n uint256 returnEth = (betList[_fixtureId][i].stake * betList[_fixtureId][i].odd) / 1000 ;\n if ( (selectedTeam == 1 && _homeDrawAway == 1) \n || (selectedTeam == 2 && _homeDrawAway == 2) \n || (selectedTeam == 3 && _homeDrawAway == 3) \n || (selectedTeam == 4 && _overUnder == 1) \n || (selectedTeam == 5 && _overUnder == 2) \n || (selectedTeam == 6 && ( _homeDrawAway == 1 || _homeDrawAway == 2) )\n || (selectedTeam == 7 && ( _homeDrawAway == 1 || _homeDrawAway == 3) )\n || (selectedTeam == 8 && ( _homeDrawAway == 3 || _homeDrawAway == 2) ) \n ){ \n betList[_fixtureId][i].player.transfer(returnEth);\n }\n }\n\n // Change the game status.\n gameList[_fixtureId].open_status = 5;\n // It was paid.\n gameList[_fixtureId].isDone = true; // \ubcf4\uc0c1\uc744 
\ub9c8\ucce4\uc73c\ubbc0\ub85c true\ub85c \ubcc0\uacbd.\n\n emit GivePrizeMoney( _fixtureId, _homeDrawAway, _overUnder);\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n // Standard modifier on methods invokable only by contract owner.\n modifier onlyOwner {\n require (msg.sender == owner, \"OnlyOwner methods called by non-owner.\");\n _;\n }\n\n // Get this balance of CA\n function getBalance() external view returns(uint){\n return address(this).balance;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n // Deposit from owner to CA\n function deposit(uint256 _eth) external payable{\n emit Deposit(msg.sender, _eth);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n // Change Owner\n function changeOwner(address payable _newOwner ) external onlyOwner {\n owner = _newOwner;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n // Fallback function\n function () external payable{\n owner.transfer(msg.value); \n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n // Withdraw from CA to owner\n function withdraw(uint256 _amount) external payable onlyOwner {\n require(_amount > 0 && _amount <= address(this).balance );\n owner.transfer(_amount);\n emit Withdraw(owner, _amount);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n}\n" + }, + { + "contract": "buggy_22.sol", + "label": "reentrancy", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.1;\n\n\ncontract owned {\n mapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n}\n\n\ncontract tokenRecipient {\n mapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n event receivedEther(address sender, uint amount);\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n event receivedTokens(address _from, uint256 _value, address _token, bytes _extraData);\n\n function receiveApproval(address _from, uint256 _value, address _token, bytes memory _extraData) public {\n Token t = Token(_token);\n require(t.transferFrom(_from, address(this), _value));\n emit receivedTokens(_from, _value, _token, _extraData);\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n function () payable external {\n emit receivedEther(msg.sender, msg.value);\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool 
success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n}\n\n\ncontract Token {\n function totalSupply() public view returns (uint256);\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n function actualBalanceOf(address _owner) public view returns (uint256 balance);\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n function renounceOwnership() public;\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n function transferOwnership(address _newOwner) public;\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n function pause() public;\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n function unpause() public;\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n}\n\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"Safe mul error\");\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"Safe div error\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"Safe sub error\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"Safe add error\");\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"Safe mod error\");\n return a % b;\n }\n}\n\n\n/**\n * The Mindsync Platform contract\n */\ncontract MindsyncPlatform is owned, tokenRecipient {\n using SafeMath for uint256;\n\n uint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n uint public minimumQuorum;\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n uint public minimumTokensToVote;\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n uint public debatingPeriodInMinutes;\n mapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n Proposal[] public proposals;\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n uint public numProposals;\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n Token public tokenAddress;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n address chairmanAddress;\n\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n bool public initialized = false;\n\n uint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event Initialized();\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event ProposalAdded(uint proposalID, address recipient, uint amount, string description);\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event Voted(uint proposalID, bool position, address voter);\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event ProposalTallied(uint proposalID, uint result, uint quorum, bool active);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event ChangeOfRules(uint newMinimumTokensToVote, uint newMinimumQuorum, uint newDebatingPeriodInMinutes, address newTokenAddress, address newChairmanAddress);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event ProposalSignedByChairman(uint proposalNumber, bool sign, address chairman);\n \n struct Proposal {\n address recipient;\n uint amount;\n string description;\n bool signedByChairman;\n uint minExecutionDate;\n bool executed;\n bool proposalPassed;\n uint numberOfVotes;\n bytes32 proposalHash;\n Vote[] votes;\n mapping (address => bool) voted;\n }\n\n struct Vote {\n bool inSupport;\n address voter;\n }\n\n // Modifier that allows only tokenholders with at least minimumTokensToVote tokens to vote and create new proposals\n modifier onlyTokenholders {\n require(tokenAddress.actualBalanceOf(msg.sender) > minimumTokensToVote);\n _;\n }\n\n // Modifier that allows only chairman execute function\n modifier onlyChairman {\n require(msg.sender == chairmanAddress);\n _;\n }\n\n\n /**\n * Constructor\n *\n * First time rules setup \n */\n constructor() payable public {\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n\n /**\n * Initialize contract\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function init(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(!initialized);\n initialized = true;\n 
changeVotingRules(_tokenAddress, _chairmanAddress, _minimumTokensToVote, _minimumPercentToPassAVote, _minutesForDebate);\n emit Initialized();\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n\n /**\n * Change voting rules\n *\n * Make so that proposals need to be discussed for at least `minutesForDebate/60` hours\n * and all voters combined must own more than `minimumPercentToPassAVote` multiplied by total supply tokens of `tokenAddress` to be executed\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function changeVotingRules(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(_chairmanAddress != address(0));\n require(_minimumPercentToPassAVote <= 51);\n tokenAddress = Token(_tokenAddress);\n chairmanAddress = _chairmanAddress;\n if (_minimumTokensToVote == 0 ) _minimumTokensToVote = 1;\n minimumTokensToVote = _minimumTokensToVote;\n if (_minimumPercentToPassAVote == 0 ) _minimumPercentToPassAVote = 51;\n minimumQuorum = _minimumPercentToPassAVote;\n debatingPeriodInMinutes = _minutesForDebate;\n emit ChangeOfRules(_minimumTokensToVote, minimumQuorum, debatingPeriodInMinutes, address(tokenAddress), chairmanAddress);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() 
public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n\n /**\n * Add Proposal\n *\n * Propose to execute transaction\n *\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionDescription Description of transaction\n * @param transactionBytecode bytecode of transaction\n */\n function newProposal(\n address destination,\n uint weiAmount,\n string memory transactionDescription,\n bytes memory transactionBytecode\n )\n onlyTokenholders public\n returns (uint proposalID)\n {\n proposalID = proposals.length++;\n Proposal storage p = proposals[proposalID];\n p.recipient = destination;\n p.signedByChairman = false;\n p.amount = weiAmount;\n p.description = transactionDescription;\n p.proposalHash = keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n p.minExecutionDate = now + debatingPeriodInMinutes * 1 minutes;\n p.executed = false;\n p.proposalPassed = false;\n p.numberOfVotes = 0;\n emit ProposalAdded(proposalID, destination, weiAmount, transactionDescription);\n numProposals = proposalID+1;\n\n return proposalID;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n\n /**\n * Check if a proposal code matches\n *\n * @param proposalNumber ID number of the proposal to query\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionBytecode bytecode of transaction\n */\n function checkProposalCode(\n uint proposalNumber,\n address destination,\n uint weiAmount,\n bytes memory transactionBytecode\n )\n view public\n returns (bool codeChecksOut)\n {\n Proposal storage p = proposals[proposalNumber];\n return p.proposalHash == keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n\n /**\n * Sign a proposal\n *\n * Vote `supportsProposal? in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param signProposal true for sign\n */\n function sign(\n uint proposalNumber,\n bool signProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n require(initialized);\n Proposal storage p = proposals[proposalNumber];\n require(msg.sender == chairmanAddress);\n require(signProposal == true);\n\n p.signedByChairman = signProposal;\n emit ProposalSignedByChairman(proposalNumber, signProposal, msg.sender);\n return proposalNumber;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n\n /**\n * Log a vote for a proposal\n *\n * Vote `supportsProposal? 
in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param supportsProposal either in favor or against it\n */\n function vote(\n uint proposalNumber,\n bool supportsProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n Proposal storage p = proposals[proposalNumber];\n require(p.voted[msg.sender] != true);\n\n voteID = p.votes.length++;\n p.votes[voteID] = Vote({inSupport: supportsProposal, voter: msg.sender});\n p.voted[msg.sender] = true;\n p.numberOfVotes = voteID +1;\n emit Voted(proposalNumber, supportsProposal, msg.sender);\n return voteID;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * Finish vote\n *\n * Count the votes proposal #`proposalNumber` and execute it if approved\n *\n * @param proposalNumber proposal number\n * @param transactionBytecode optional: if the transaction contained a bytecode, you need to send it\n */\n function executeProposal(uint proposalNumber, bytes memory transactionBytecode) public {\n Proposal storage p = proposals[proposalNumber];\n\n require(initialized);\n require(now > p.minExecutionDate // If it is past the voting deadline\n && !p.executed // and it has not already been executed\n && p.proposalHash == keccak256(abi.encodePacked(p.recipient, p.amount, transactionBytecode))); // and the supplied code matches the proposal...\n\n\n // ...then tally the results\n uint quorum = 0;\n uint yea = 0;\n uint nay = 0;\n\n for (uint i = 0; i < p.votes.length; ++i) {\n Vote storage v = p.votes[i];\n uint voteWeight = tokenAddress.actualBalanceOf(v.voter);\n quorum += voteWeight;\n if (v.inSupport) {\n yea += voteWeight;\n } else {\n nay += voteWeight;\n }\n }\n\n Token t = Token(tokenAddress);\n require(quorum >= 
t.totalSupply().mul(minimumQuorum).div(100)); // Check if a minimum quorum has been reached\n\n if (yea > nay ) {\n // Proposal passed; execute the transaction\n\n p.executed = true;\n \n (bool success, ) = p.recipient.call.value(p.amount)(transactionBytecode);\n require(success);\n\n p.proposalPassed = true;\n } else {\n // Proposal failed\n p.proposalPassed = false;\n }\n\n // Fire Events\n emit ProposalTallied(proposalNumber, yea - nay, quorum, p.proposalPassed);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_46.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\ncontract ProofOfExistence {\n\nenum BlockchainIdentification {Ixxo,Ethereum,Gochain}\n\nstruct FileExistenceStruct {\nuint256 date;\naddress filesender;\nstring fileHash;\nstring filePathHash;\naddress contractAddress;\nbytes32 QRCodeHash;\nBlockchainIdentification identifier;\n}mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n\nmapping(address => FileExistenceStruct[]) fileExistenceProofs;\n\n\n/**\n *@dev function to set the Proof of existence for a file \n */\n function SetFileExistenceProof(address dappBoxOrigin, string memory _fileHash, string memory _filePathHash, address _contractAddress ,BlockchainIdentification _identifier) public returns (bytes32)\n {\n FileExistenceStruct memory newInfo;\n uint256 _date = now;\n bytes32 QRCodeHash = generateQRCodeForFile(dappBoxOrigin,_fileHash,_filePathHash,_contractAddress ,_identifier);\n newInfo.date = _date;\n newInfo.filesender = dappBoxOrigin;\n newInfo.fileHash = _fileHash;\n newInfo.filePathHash = 
_filePathHash;\n newInfo.contractAddress = _contractAddress;\n newInfo.identifier = _identifier;\n newInfo.QRCodeHash = QRCodeHash;\n\n fileExistenceProofs[dappBoxOrigin].push(newInfo);\n return QRCodeHash;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n\n/**\n *@dev function to get the Proof of existence for a file \n */\n function GetFileExistenceProof(address dappBoxOrigin,string memory fileHash, string memory filePathHash) public view returns(uint256,address,address,BlockchainIdentification,bytes32) {\n \n for(uint i = 0 ; i < fileExistenceProofs[dappBoxOrigin].length ; i++)\n {\n \n bool res = compareStrings(fileHash,fileExistenceProofs[dappBoxOrigin][i].fileHash) &&\n compareStrings(filePathHash,fileExistenceProofs[dappBoxOrigin][i].filePathHash);\n if(res == true )\n {\n return( fileExistenceProofs[dappBoxOrigin][i].date,\n fileExistenceProofs[dappBoxOrigin][i].filesender,\n fileExistenceProofs[dappBoxOrigin][i].contractAddress,\n fileExistenceProofs[dappBoxOrigin][i].identifier,\n fileExistenceProofs[dappBoxOrigin][i].QRCodeHash);\n }\n }\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n\n/**\n *@dev function to compare strings \n */\n function compareStrings(string memory a, string memory b) internal pure returns (bool)\n {\n if(bytes(a).length != bytes(b).length) {\n return false;\n } else {\n return keccak256(abi.encode(a)) == keccak256(abi.encode(b));\n }\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n/**\n *@dev function to generate QR code string \n */\n function generateQRCodeForFile(address dappBoxOrigin, string memory _fileHash, string memory filePath, address _contractAddress ,BlockchainIdentification _identifier ) internal pure returns (bytes32)\n {\n bytes32 QRCodeHash;\n QRCodeHash = keccak256(abi.encodePacked(dappBoxOrigin, _fileHash,filePath,_contractAddress,_identifier)); \n return QRCodeHash;\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n\n\n/**\n *@dev function to retreive QR code in string format \n */\n\n function getQRCode(address dappBoxOrigin, string memory fileHash, string memory filePathHash ) public view returns(bytes32) {\n uint256 len = fileExistenceProofs[dappBoxOrigin].length;\n for(uint i = 0 ; i < len ; i++)\n {\n \n bool res = compareStrings(fileHash,fileExistenceProofs[dappBoxOrigin][i].fileHash) &&\n compareStrings(filePathHash,fileExistenceProofs[dappBoxOrigin][i].filePathHash);\n if(res == true )\n {\n return fileExistenceProofs[dappBoxOrigin][i].QRCodeHash;\n }\n\n }\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n\n\n/**\n *@dev function to get proof of existence using QR code\n */\n function searchExistenceProoUsngQRf(address dappBoxOrigin,bytes32 QRCodeHash) public view returns(uint256,address,address,BlockchainIdentification,bytes32) {\n uint256 len = fileExistenceProofs[dappBoxOrigin].length;\n for(uint i = 0 ; i < len ; i++)\n {\n if(QRCodeHash == fileExistenceProofs[dappBoxOrigin][i].QRCodeHash)\n {\n return( fileExistenceProofs[dappBoxOrigin][i].date,\n fileExistenceProofs[dappBoxOrigin][i].filesender,\n fileExistenceProofs[dappBoxOrigin][i].contractAddress,\n fileExistenceProofs[dappBoxOrigin][i].identifier,\n fileExistenceProofs[dappBoxOrigin][i].QRCodeHash);\n }\n }\n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n\n\n}\n"
+ },
+ {
+ "contract": "0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 54\n */\n\npragma solidity ^0.4.19;\n\ncontract DEP_BANK \n{\n mapping (address=>uint256) public balances; \n \n uint public MinSum;\n \n LogFile Log;\n \n bool intitalized;\n \n function SetMinSum(uint _val)\n public\n {\n if(intitalized)throw;\n MinSum = _val;\n }\n \n function SetLogFile(address _log)\n public\n {\n if(intitalized)throw;\n Log = LogFile(_log);\n }\n \n function Initialized()\n public\n {\n intitalized = true;\n }\n \n function Deposit()\n public\n payable\n {\n balances[msg.sender]+= msg.value;\n Log.AddMessage(msg.sender,msg.value,\"Put\");\n }\n \n function Collect(uint _am)\n public\n payable\n {\n if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n Log.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n \n function() \n public \n payable\n {\n Deposit();\n }\n \n}\n\n\ncontract LogFile\n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_7.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.8;\n\ncontract Ownable\n{\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n bool private stopped;\n 
mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n address private _owner;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n address private _master;\n\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n event Stopped();\n uint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event Started();\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event MasterRoleTransferred(address indexed previousMaster, address indexed newMaster);\n\n constructor () internal\n {\n stopped = false;\n _owner = msg.sender;\n _master = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n emit MasterRoleTransferred(address(0), _master);\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n function owner() public view returns (address)\n {\n return _owner;\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n function master() public view returns (address)\n {\n return _master;\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n modifier onlyOwner()\n {\n require(isOwner());\n _;\n }\n\n modifier onlyMaster()\n {\n require(isMaster() || isOwner());\n _;\n }\n\n modifier onlyWhenNotStopped()\n {\n require(!isStopped());\n _;\n }\n\n function isOwner() public view returns (bool)\n {\n return msg.sender == _owner;\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function isMaster() public view returns (bool)\n {\n return msg.sender == _master;\n }\nmapping(address => uint) balances_re_ent3;\nfunction 
withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n function transferOwnership(address newOwner) external onlyOwner\n {\n _transferOwnership(newOwner);\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n function transferMasterRole(address newMaster) external onlyOwner\n {\n _transferMasterRole(newMaster);\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n function isStopped() public view returns (bool)\n {\n return stopped;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function stop() public onlyOwner\n {\n _stop();\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function start() public onlyOwner\n {\n _start();\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function _transferOwnership(address newOwner) internal\n {\n require(newOwner != address(0));\n emit OwnershipTransferred(_owner, newOwner);\n _owner = newOwner;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function _transferMasterRole(address newMaster) internal\n {\n require(newMaster != address(0));\n emit MasterRoleTransferred(_master, newMaster);\n _master = newMaster;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function _stop() internal\n {\n emit Stopped();\n stopped = true;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function _start() internal\n {\n emit Started();\n stopped = false;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n}\n\ncontract AccountWallet is Ownable\n{\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n mapping(string => string) private btc;\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n mapping(string => address) private eth;\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event SetAddress(string account, string btcAddress, address ethAddress);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event UpdateAddress(string from, string to);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event DeleteAddress(string account);\n\n function version() external pure returns(string memory)\n {\n return '1.0.0';\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function getAddress(string calldata account) external view returns (string memory, address)\n {\n return (btc[account], eth[account]);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function setAddress(string calldata account, string calldata btcAddress, address ethAddress) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(account).length > 0);\n\n btc[account] = btcAddress;\n eth[account] = ethAddress;\n\n emit SetAddress(account, btcAddress, ethAddress);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function updateAccount(string calldata from, string calldata to) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(from).length > 0);\n require(bytes(to).length > 0);\n\n btc[to] = btc[from];\n eth[to] = eth[from];\n\n btc[from] = '';\n eth[from] = address(0);\n\n emit UpdateAddress(from, to);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function deleteAccount(string calldata account) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(account).length > 0);\n\n 
btc[account] = '';\n eth[account] = address(0);\n\n emit DeleteAddress(account);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n}"
+ },
+ {
+ "contract": "buggy_31.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\n\npragma solidity ^0.5.11;\n\n\ninterface IERC20 {\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n}\n\ninterface Marmo {\n function signer() external view returns (address _signer);\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * NOTE: This call _does not revert_ if the signature is invalid, or\n * if the signer is otherwise unable to be retrieved. In those scenarios,\n * the zero address is returned.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. 
A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise)\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n return (address(0));\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 < s < secp256k1n \u00f7 2 + 1, and for v in (282): v \u2208 {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. 
If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return address(0);\n }\n\n if (v != 27 && v != 28) {\n return address(0);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n return ecrecover(hash, v, r, s);\n }\n\n}\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be aplied to your functions to restrict their use to\n * the owner.\n */\ncontract Ownable {\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n address private _owner;\n\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor () internal {\n _owner = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view returns (address) {\n return _owner;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(isOwner(), \"Ownable: caller is not the owner\");\n _;\n }\n\n /**\n * @dev Returns true if the caller is the current owner.\n */\n function isOwner() public view returns (bool) {\n return msg.sender == _owner;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n _transferOwnership(newOwner);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n */\n function _transferOwnership(address newOwner) internal {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n emit OwnershipTransferred(_owner, newOwner);\n _owner = newOwner;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 
() public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n}\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked as\n * `nonReentrant` may not call one another. This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n */\ncontract ReentrancyGuard {\n // counter to allow mutex lock with only one SSTORE operation\n mapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n uint256 private _guardCounter;\n\n constructor () internal {\n // The counter starts at one to prevent changing it from zero to a non-zero\n // value, which is a more expensive operation.\n _guardCounter = 1;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. 
It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and make it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _guardCounter += 1;\n uint256 localCounter = _guardCounter;\n _;\n require(localCounter == _guardCounter, \"ReentrancyGuard: reentrant call\");\n }\n}\n\ncontract FeeTransactionManager is Ownable, ReentrancyGuard {\n \n uint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n IERC20 public token;\n address payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n address public relayer;\n \n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event NewRelayer(address _oldRelayer, address _newRelayer);\n \n constructor (address _tokenAddress, address _relayer) public {\n relayer = _relayer;\n token = IERC20(_tokenAddress);\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n function execute(\n address _to, \n uint256 _value, \n uint256 _fee, \n bytes calldata _signature\n ) nonReentrant external {\n require(tx.origin == relayer, \"Invalid transaction origin\");\n Marmo marmo = Marmo(msg.sender);\n bytes32 hash = keccak256(\n abi.encodePacked(\n _to,\n _value,\n _fee\n )\n );\n require(marmo.signer() == ECDSA.recover(hash, _signature), \"Invalid signature\");\n require(token.transferFrom(msg.sender, _to, _value));\n require(token.transferFrom(msg.sender, relayer, _fee));\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n \n function setRelayer(address _newRelayer) onlyOwner external {\n require(_newRelayer != address(0));\n emit NewRelayer(relayer, _newRelayer);\n relayer = _newRelayer;\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n \n}\n"
+ },
+ {
+ "contract": "buggy_43.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\n\ncontract EventMetadata {\n\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event MetadataSet(bytes metadata);\n\n // state functions\n\n function _setMetadata(bytes memory metadata) internal {\n emit MetadataSet(metadata);\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n}\n\n\n\ncontract Operated {\n\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n address private _operator;\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n bool private _status;\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event OperatorUpdated(address operator, bool status);\n\n // state functions\n\n function _setOperator(address operator) internal {\n require(_operator != operator, \"cannot set same operator\");\n _operator = operator;\n emit OperatorUpdated(operator, hasActiveOperator());\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n function _transferOperator(address operator) internal {\n // transferring operator-ship implies there was an operator set before this\n require(_operator != address(0), \"operator not set\");\n _setOperator(operator);\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function _renounceOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _operator = address(0);\n _status = false;\n emit OperatorUpdated(address(0), false);\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n function _activateOperator() internal {\n require(!hasActiveOperator(), \"only when operator not active\");\n _status = true;\n emit OperatorUpdated(_operator, true);\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() 
public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n function _deactivateOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _status = false;\n emit OperatorUpdated(_operator, false);\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n // view functions\n\n function getOperator() public view returns (address operator) {\n operator = _operator;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function isOperator(address caller) public view returns (bool ok) {\n return (caller == getOperator());\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function hasActiveOperator() public view returns (bool ok) {\n return _status;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function isActiveOperator(address caller) public view returns (bool ok) {\n return (isOperator(caller) && hasActiveOperator());\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n}\n\n\n\n/**\n * @title MultiHashWrapper\n * @dev Contract that handles multi hash data structures and encoding/decoding\n * Learn more here: https://github.com/multiformats/multihash\n */\ncontract MultiHashWrapper {\n\n // bytes32 hash first to fill the first storage slot\n struct MultiHash {\n bytes32 hash;\n uint8 hashFunction;\n uint8 digestSize;\n }\n\n /**\n * @dev Given a multihash struct, returns the full base58-encoded hash\n * @param multihash MultiHash struct that has the hashFunction, digestSize and the hash\n * @return the base58-encoded full hash\n */\n function _combineMultiHash(MultiHash memory multihash) internal pure returns (bytes memory) {\n bytes memory out = new bytes(34);\n\n out[0] = byte(multihash.hashFunction);\n out[1] = byte(multihash.digestSize);\n\n uint8 i;\n for (i = 0; i < 32; i++) {\n out[i+2] = multihash.hash[i];\n }\n\n return out;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n /**\n * @dev Given a base58-encoded hash, divides into its individual parts and returns a struct\n * @param source base58-encoded hash\n * @return MultiHash that has the hashFunction, digestSize and the hash\n */\n function 
_splitMultiHash(bytes memory source) internal pure returns (MultiHash memory) {\n require(source.length == 34, \"length of source must be 34\");\n\n uint8 hashFunction = uint8(source[0]);\n uint8 digestSize = uint8(source[1]);\n bytes32 hash;\n\n assembly {\n hash := mload(add(source, 34))\n }\n\n return (MultiHash({\n hashFunction: hashFunction,\n digestSize: digestSize,\n hash: hash\n }));\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n}\n\n\n/* TODO: Update eip165 interface\n * bytes4(keccak256('create(bytes)')) == 0xcf5ba53f\n * bytes4(keccak256('getInstanceType()')) == 0x18c2f4cf\n * bytes4(keccak256('getInstanceRegistry()')) == 0xa5e13904\n * bytes4(keccak256('getImplementation()')) == 0xaaf10f42\n *\n * => 0xcf5ba53f ^ 0x18c2f4cf ^ 0xa5e13904 ^ 0xaaf10f42 == 0xd88967b6\n */\n interface iFactory {\n\n event InstanceCreated(address indexed instance, address indexed creator, string initABI, bytes initData);\n\n function create(bytes calldata initData) external returns (address instance);\n function createSalty(bytes calldata initData, bytes32 salt) external returns (address instance);\n function getInitSelector() external view returns (bytes4 initSelector);\n function getInstanceRegistry() external view returns (address instanceRegistry);\n function getTemplate() external view returns (address template);\n function getSaltyInstance(bytes calldata, bytes32 salt) external view returns (address instance);\n function getNextInstance(bytes calldata) external view returns (address instance);\n\n function getInstanceCreator(address instance) external view returns (address creator);\n function getInstanceType() external view returns (bytes4 instanceType);\n function 
getInstanceCount() external view returns (uint256 count);\n function getInstance(uint256 index) external view returns (address instance);\n function getInstances() external view returns (address[] memory instances);\n function getPaginatedInstances(uint256 startIndex, uint256 endIndex) external view returns (address[] memory instances);\n }\n\n\n\ncontract ProofHash is MultiHashWrapper {\n\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n MultiHash private _proofHash;\n\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event ProofHashSet(address caller, bytes proofHash);\n\n // state functions\n\n function _setProofHash(bytes memory proofHash) internal {\n _proofHash = MultiHashWrapper._splitMultiHash(proofHash);\n emit ProofHashSet(msg.sender, proofHash);\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n // view functions\n\n function getProofHash() public view returns (bytes memory proofHash) {\n proofHash = MultiHashWrapper._combineMultiHash(_proofHash);\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n}\n\n\n\ncontract Template {\n\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n address private _factory;\n\n // modifiers\n\n modifier initializeTemplate() {\n // set factory\n _factory = msg.sender;\n\n // only allow function to be delegatecalled from within a constructor.\n uint32 codeSize;\n assembly { codeSize := extcodesize(address) }\n require(codeSize == 0, \"must be called within contract constructor\");\n _;\n }\n\n // view functions\n\n function getCreator() public view returns (address creator) {\n // iFactory(...) would revert if _factory address is not actually a factory contract\n creator = iFactory(_factory).getInstanceCreator(address(this));\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function isCreator(address caller) public view returns (bool ok) {\n ok = (caller == getCreator());\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function getFactory() public view returns (address factory) {\n factory = _factory;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n}\n\n\n\n\n\n\ncontract Post is ProofHash, Operated, EventMetadata, Template {\n\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Initialized(address operator, bytes multihash, bytes metadata);\n\n function initialize(\n address operator,\n bytes memory multihash,\n bytes memory metadata\n ) public initializeTemplate() {\n\n // set storage variables\n if (multihash.length != 0) {\n ProofHash._setProofHash(multihash);\n }\n\n // set operator\n if (operator != address(0)) {\n Operated._setOperator(operator);\n Operated._activateOperator();\n }\n\n // set metadata\n if (metadata.length != 0) {\n EventMetadata._setMetadata(metadata);\n }\n\n // log initialization params\n emit Initialized(operator, multihash, metadata);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n // state functions\n\n function setMetadata(bytes memory metadata) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // set metadata\n EventMetadata._setMetadata(metadata);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n function transferOperator(address operator) public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._transferOperator(operator);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function renounceOperator() public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._renounceOperator();\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n}\n"
+ },
+ {
+ "contract": "buggy_30.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.11;\n\n\ninterface IERC777 {\n \n function name() external view returns (string memory);\n\n \n function symbol() external view returns (string memory);\n\n \n function granularity() external view returns (uint256);\n\n \n function totalSupply() external view returns (uint256);\n\n \n function balanceOf(address owner) external view returns (uint256);\n\n \n function send(address recipient, uint256 amount, bytes calldata data) external;\n\n \n function burn(uint256 amount, bytes calldata data) external;\n\n \n function isOperatorFor(address operator, address tokenHolder) external view returns (bool);\n\n \n function authorizeOperator(address operator) external;\n\n \n function revokeOperator(address operator) external;\n\n \n function defaultOperators() external view returns (address[] memory);\n\n \n function operatorSend(\n address sender,\n address recipient,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n ) external;\n\n \n function operatorBurn(\n address account,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n ) external;\n\n event Sent(\n address indexed operator,\n address indexed from,\n address 
indexed to,\n uint256 amount,\n bytes data,\n bytes operatorData\n );\n\n event Minted(address indexed operator, address indexed to, uint256 amount, bytes data, bytes operatorData);\n\n event Burned(address indexed operator, address indexed from, uint256 amount, bytes data, bytes operatorData);\n\n event AuthorizedOperator(address indexed operator, address indexed tokenHolder);\n\n event RevokedOperator(address indexed operator, address indexed tokenHolder);\n}\n\ninterface IERC777Recipient {\n \n function tokensReceived(\n address operator,\n address from,\n address to,\n uint amount,\n bytes calldata userData,\n bytes calldata operatorData\n ) external;\n}\n\ninterface IERC777Sender {\n \n function tokensToSend(\n address operator,\n address from,\n address to,\n uint amount,\n bytes calldata userData,\n bytes calldata operatorData\n ) external;\n}\n\ninterface IERC20 {\n \n function totalSupply() external view returns (uint256);\n\n \n function balanceOf(address account) external view returns (uint256);\n\n \n function transfer(address recipient, uint256 amount) external returns (bool);\n\n \n function allowance(address owner, address spender) external view returns (uint256);\n\n \n function approve(address spender, uint256 amount) external returns (bool);\n\n \n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n \n event Transfer(address indexed from, address indexed to, uint256 value);\n\n \n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n \n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n \n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n \n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n \n \n \n 
if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n \n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n \n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n \n\n return c;\n }\n\n \n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\nlibrary Address {\n \n function isContract(address account) internal view returns (bool) {\n \n \n \n\n uint256 size;\n \n assembly { size := extcodesize(account) }\n return size > 0;\n }\n}\n\ninterface IERC1820Registry {\n \n function setManager(address account, address newManager) external;\n\n \n function getManager(address account) external view returns (address);\n\n \n function setInterfaceImplementer(address account, bytes32 interfaceHash, address implementer) external;\n\n \n function getInterfaceImplementer(address account, bytes32 interfaceHash) external view returns (address);\n\n \n function interfaceHash(string calldata interfaceName) external pure returns (bytes32);\n\n \n function updateERC165Cache(address account, bytes4 interfaceId) external;\n\n \n function implementsERC165Interface(address account, bytes4 interfaceId) external view returns (bool);\n\n \n function implementsERC165InterfaceNoCache(address account, bytes4 interfaceId) external view returns (bool);\n\n event InterfaceImplementerSet(address indexed account, bytes32 indexed interfaceHash, address indexed implementer);\n\n event ManagerChanged(address indexed account, address indexed newManager);\n}\n\ncontract ERC777 is IERC777, IERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n IERC1820Registry private _erc1820 = IERC1820Registry(0x1820a4B7618BdE71Dce8cdc73aAB6C95905faD24);\n\n mapping(address => uint256) private _balances;\n\n uint256 private _totalSupply;\n\n string private _name;\n string private _symbol;\n\n \n 
\n\n \n bytes32 constant private TOKENS_SENDER_INTERFACE_HASH =\n 0x29ddb589b1fb5fc7cf394961c1adf5f8c6454761adf795e67fe149f658abe895;\n\n \n bytes32 constant private TOKENS_RECIPIENT_INTERFACE_HASH =\n 0xb281fc8c12954d22544db45de3159a39272895b169a852b314f9cc762e44c53b;\n\n \n address[] private _defaultOperatorsArray;\n\n \n mapping(address => bool) private _defaultOperators;\n\n \n mapping(address => mapping(address => bool)) private _operators;\n mapping(address => mapping(address => bool)) private _revokedDefaultOperators;\n\n \n mapping (address => mapping (address => uint256)) private _allowances;\n\n \n constructor(\n string memory name,\n string memory symbol,\n address[] memory defaultOperators\n ) public {\n _name = name;\n _symbol = symbol;\n\n _defaultOperatorsArray = defaultOperators;\n for (uint256 i = 0; i < _defaultOperatorsArray.length; i++) {\n _defaultOperators[_defaultOperatorsArray[i]] = true;\n }\n\n \n _erc1820.setInterfaceImplementer(address(this), keccak256(\"ERC777Token\"), address(this));\n _erc1820.setInterfaceImplementer(address(this), keccak256(\"ERC20Token\"), address(this));\n }\n\n \n function name() public view returns (string memory) {\n return _name;\n }\n\n \n function symbol() public view returns (string memory) {\n return _symbol;\n }\n\n \n function decimals() public pure returns (uint8) {\n return 18;\n }\n\n \n function granularity() public view returns (uint256) {\n return 1;\n }\n\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\n\n \n function balanceOf(address tokenHolder) public view returns (uint256) {\n return _balances[tokenHolder];\n }\n\n \n function send(address recipient, uint256 amount, bytes calldata data) external {\n _send(msg.sender, msg.sender, recipient, amount, data, \"\", true);\n }\n\n \n function transfer(address recipient, uint256 amount) external returns (bool) {\n require(recipient != address(0), \"ERC777: transfer to the zero address\");\n\n address from = 
msg.sender;\n\n _callTokensToSend(from, from, recipient, amount, \"\", \"\");\n\n _move(from, from, recipient, amount, \"\", \"\");\n\n _callTokensReceived(from, from, recipient, amount, \"\", \"\", false);\n\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent18;\nfunction claimReward_re_ent18() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent18[msg.sender] > 0);\n uint transferValue_re_ent18 = redeemableEther_re_ent18[msg.sender];\n msg.sender.transfer(transferValue_re_ent18); //bug\n redeemableEther_re_ent18[msg.sender] = 0;\n }\n\n \n function burn(uint256 amount, bytes calldata data) external {\n _burn(msg.sender, msg.sender, amount, data, \"\");\n }\nmapping(address => uint) balances_re_ent29;\n function withdraw_balances_re_ent29 () public {\n if (msg.sender.send(balances_re_ent29[msg.sender ]))\n balances_re_ent29[msg.sender] = 0;\n }\n\n \n function isOperatorFor(\n address operator,\n address tokenHolder\n ) public view returns (bool) {\n return operator == tokenHolder ||\n (_defaultOperators[operator] && !_revokedDefaultOperators[tokenHolder][operator]) ||\n _operators[tokenHolder][operator];\n }\nbool not_called_re_ent6 = true;\nfunction bug_re_ent6() public{\n require(not_called_re_ent6);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent6 = false;\n }\n\n \n function authorizeOperator(address operator) external {\n require(msg.sender != operator, \"ERC777: authorizing self as operator\");\n\n if (_defaultOperators[operator]) {\n delete _revokedDefaultOperators[msg.sender][operator];\n } else {\n _operators[msg.sender][operator] = true;\n }\n\n emit AuthorizedOperator(operator, msg.sender);\n }\naddress payable lastPlayer_re_ent16;\n uint jackpot_re_ent16;\n\t function buyTicket_re_ent16() public{\n\t if (!(lastPlayer_re_ent16.send(jackpot_re_ent16)))\n revert();\n lastPlayer_re_ent16 = msg.sender;\n jackpot_re_ent16 = address(this).balance;\n }\n\n \n function revokeOperator(address operator) external {\n require(operator != msg.sender, \"ERC777: revoking self as operator\");\n\n if (_defaultOperators[operator]) {\n _revokedDefaultOperators[msg.sender][operator] = true;\n } else {\n delete _operators[msg.sender][operator];\n }\n\n emit RevokedOperator(operator, msg.sender);\n }\nmapping(address => uint) balances_re_ent24;\nfunction withdrawFunds_re_ent24 (uint256 _weiToWithdraw) public {\n require(balances_re_ent24[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent24[msg.sender] -= _weiToWithdraw;\n }\n\n \n function defaultOperators() public view returns (address[] memory) {\n return _defaultOperatorsArray;\n }\nmapping(address => uint) userBalance_re_ent5;\nfunction withdrawBalance_re_ent5() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent5[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent5[msg.sender] = 0;\n }\n\n \n function operatorSend(\n address sender,\n address recipient,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n )\n external\n {\n require(isOperatorFor(msg.sender, sender), \"ERC777: caller is not an operator for holder\");\n _send(msg.sender, sender, recipient, amount, data, operatorData, true);\n }\nmapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n\n \n function operatorBurn(address account, uint256 amount, bytes calldata data, bytes calldata operatorData) external {\n require(isOperatorFor(msg.sender, account), \"ERC777: caller is not an operator for holder\");\n _burn(msg.sender, account, amount, data, operatorData);\n }\nuint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n\n \n function allowance(address holder, address spender) public view returns (uint256) {\n return _allowances[holder][spender];\n }\nbool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n\n \n function approve(address spender, uint256 value) external returns (bool) {\n address holder = msg.sender;\n _approve(holder, spender, value);\n return true;\n }\nuint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n\n \n function transferFrom(address holder, address recipient, uint256 amount) external returns (bool) {\n require(recipient != address(0), \"ERC777: transfer to the zero address\");\n require(holder != address(0), \"ERC777: transfer from the zero address\");\n\n address spender = msg.sender;\n\n _callTokensToSend(spender, holder, recipient, amount, \"\", \"\");\n\n _move(spender, holder, recipient, amount, \"\", \"\");\n _approve(holder, spender, _allowances[holder][spender].sub(amount));\n\n _callTokensReceived(spender, holder, recipient, amount, \"\", \"\", false);\n\n return true;\n }\nmapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n\n \n function _mint(\n address operator,\n address account,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n internal\n {\n require(account != address(0), \"ERC777: mint to the zero address\");\n\n \n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n\n _callTokensReceived(operator, address(0), account, amount, userData, operatorData, true);\n\n emit Minted(operator, account, amount, userData, operatorData);\n emit Transfer(address(0), account, amount);\n }\nmapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n\n \n function _send(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData,\n bool requireReceptionAck\n )\n private\n {\n require(from != address(0), \"ERC777: send from the zero 
address\");\n require(to != address(0), \"ERC777: send to the zero address\");\n\n _callTokensToSend(operator, from, to, amount, userData, operatorData);\n\n _move(operator, from, to, amount, userData, operatorData);\n\n _callTokensReceived(operator, from, to, amount, userData, operatorData, requireReceptionAck);\n }\nmapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n\n \n function _burn(\n address operator,\n address from,\n uint256 amount,\n bytes memory data,\n bytes memory operatorData\n )\n private\n {\n require(from != address(0), \"ERC777: burn from the zero address\");\n\n _callTokensToSend(operator, from, address(0), amount, data, operatorData);\n\n \n _totalSupply = _totalSupply.sub(amount);\n _balances[from] = _balances[from].sub(amount);\n\n emit Burned(operator, from, amount, data, operatorData);\n emit Transfer(from, address(0), amount);\n }\nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n\n function _move(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n private\n {\n _balances[from] = _balances[from].sub(amount);\n _balances[to] = _balances[to].add(amount);\n\n emit Sent(operator, from, to, amount, userData, operatorData);\n emit Transfer(from, to, amount);\n }\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) 
=msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n\n function _approve(address holder, address spender, uint256 value) private {\n \n \n \n require(spender != address(0), \"ERC777: approve to the zero address\");\n\n _allowances[holder][spender] = value;\n emit Approval(holder, spender, value);\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n\n \n function _callTokensToSend(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n private\n {\n address implementer = _erc1820.getInterfaceImplementer(from, TOKENS_SENDER_INTERFACE_HASH);\n if (implementer != address(0)) {\n IERC777Sender(implementer).tokensToSend(operator, from, to, amount, userData, operatorData);\n }\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n \n function _callTokensReceived(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData,\n bool requireReceptionAck\n )\n private\n {\n address implementer = _erc1820.getInterfaceImplementer(to, TOKENS_RECIPIENT_INTERFACE_HASH);\n if (implementer != address(0)) {\n IERC777Recipient(implementer).tokensReceived(operator, from, to, amount, userData, operatorData);\n } else if (requireReceptionAck) {\n require(!to.isContract(), \"ERC777: token recipient contract has no implementer for ERC777TokensRecipient\");\n }\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n}\n\nlibrary Roles {\n struct Role {\n mapping (address => bool) bearer;\n }\n\n \n function add(Role storage role, address account) internal {\n require(!has(role, account), \"Roles: account already has role\");\n role.bearer[account] = true;\n }\n\n \n function remove(Role storage role, address account) internal {\n require(has(role, account), \"Roles: account does not have role\");\n role.bearer[account] = false;\n }\n\n \n function has(Role storage role, address account) internal view returns (bool) {\n require(account != address(0), \"Roles: account is the zero address\");\n return role.bearer[account];\n }\n}\n\ncontract MinterRole {\n using Roles for Roles.Role;\n\n uint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event MinterAdded(address indexed account);\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event MinterRemoved(address indexed account);\n\n Roles.Role private _minters;\n\n constructor () internal {\n _addMinter(msg.sender);\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n modifier onlyMinter() {\n require(isMinter(msg.sender), \"MinterRole: caller does not have the Minter role\");\n _;\n }\n\n function isMinter(address account) public view returns (bool) {\n return _minters.has(account);\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function addMinter(address account) public onlyMinter {\n _addMinter(account);\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n function renounceMinter() public {\n _removeMinter(msg.sender);\n }\naddress payable 
lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n function _addMinter(address account) internal {\n _minters.add(account);\n emit MinterAdded(account);\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n function _removeMinter(address account) internal {\n _minters.remove(account);\n emit MinterRemoved(account);\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n}\n\ncontract PauserRole {\n using Roles for Roles.Role;\n\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event PauserAdded(address indexed account);\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event PauserRemoved(address indexed account);\n\n Roles.Role private _pausers;\n\n constructor () internal {\n _addPauser(msg.sender);\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n modifier onlyPauser() {\n require(isPauser(msg.sender), \"PauserRole: caller does not have the Pauser role\");\n _;\n }\n\n function isPauser(address account) public view returns (bool) {\n return _pausers.has(account);\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function addPauser(address account) public onlyPauser {\n _addPauser(account);\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function renouncePauser() public {\n _removePauser(msg.sender);\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function _addPauser(address account) internal {\n _pausers.add(account);\n emit PauserAdded(account);\n }\nmapping(address => uint) 
redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function _removePauser(address account) internal {\n _pausers.remove(account);\n emit PauserRemoved(account);\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n}\n\ncontract Pausable is PauserRole {\n \n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Paused(address account);\n\n \n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Unpaused(address account);\n\n bool private _paused;\n\n \n constructor () internal {\n _paused = false;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n \n function paused() public view returns (bool) {\n return _paused;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n \n modifier whenNotPaused() {\n require(!_paused, \"Pausable: paused\");\n _;\n }\n\n \n modifier whenPaused() {\n require(_paused, \"Pausable: not paused\");\n _;\n }\n\n \n function pause() public onlyPauser whenNotPaused {\n _paused = true;\n emit Paused(msg.sender);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n \n function unpause() public onlyPauser whenPaused {\n _paused = false;\n emit Unpaused(msg.sender);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n}\n\ncontract SKYBITToken is ERC777, MinterRole, Pausable {\n constructor(\n uint256 initialSupply,\n address[] memory defaultOperators\n )\n\n ERC777(\"SKYBIT\", \"SKYBIT\", defaultOperators)\n public {\n _mint(msg.sender, msg.sender, initialSupply, \"\", \"\");\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function mint(address operator, address account, uint256 amount, bytes memory userData, bytes memory operatorData) public onlyMinter returns (bool) {\n _mint(operator, account, amount, userData, operatorData);\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n 
}\n}\n"
+ },
+ {
+ "contract": "buggy_36.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity >=0.5.1;\n\n\ncontract owned {\n mapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n}\n\n\ncontract tokenRecipient {\n mapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n event receivedEther(address sender, uint amount);\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n event receivedTokens(address _from, uint256 _value, address _token, bytes _extraData);\n\n function receiveApproval(address _from, uint256 _value, address _token, bytes memory _extraData) public {\n Token t = Token(_token);\n require(t.transferFrom(_from, address(this), _value));\n emit receivedTokens(_from, _value, _token, _extraData);\n }\naddress payable 
lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n function () payable external {\n emit receivedEther(msg.sender, msg.value);\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n}\n\n\ncontract Token {\n function totalSupply() public view returns (uint256);\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n function actualBalanceOf(address _owner) public view returns (uint256 balance);\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n function renounceOwnership() public;\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n 
require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n function transferOwnership(address _newOwner) public;\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n function pause() public;\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n function unpause() public;\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n}\n\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"Safe mul error\");\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"Safe div error\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"Safe sub error\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"Safe add error\");\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"Safe mod error\");\n return a % b;\n }\n}\n\n\n/**\n * The Mindsync Platform contract\n */\ncontract MindsyncPlatform is owned, tokenRecipient {\n using SafeMath for uint256;\n\n uint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n uint public minimumQuorum;\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n uint public minimumTokensToVote;\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n uint public debatingPeriodInMinutes;\n mapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n Proposal[] public proposals;\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n uint public numProposals;\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n Token public tokenAddress;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n address chairmanAddress;\n\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n bool public initialized = false;\n\n uint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event Initialized();\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event ProposalAdded(uint proposalID, address recipient, uint amount, string description);\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event Voted(uint proposalID, bool position, address voter);\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event ProposalTallied(uint proposalID, uint result, uint quorum, bool active);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event ChangeOfRules(uint newMinimumTokensToVote, uint newMinimumQuorum, uint newDebatingPeriodInMinutes, address newTokenAddress, address newChairmanAddress);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event ProposalSignedByChairman(uint proposalNumber, bool sign, address chairman);\n \n struct Proposal {\n address recipient;\n uint amount;\n string description;\n bool signedByChairman;\n uint minExecutionDate;\n bool executed;\n bool proposalPassed;\n uint numberOfVotes;\n bytes32 proposalHash;\n Vote[] votes;\n mapping (address => bool) voted;\n }\n\n struct Vote {\n bool inSupport;\n address voter;\n }\n\n // Modifier that allows only tokenholders with at least minimumTokensToVote tokens to vote and create new proposals\n modifier onlyTokenholders {\n require(tokenAddress.actualBalanceOf(msg.sender) > minimumTokensToVote);\n _;\n }\n\n // Modifier that allows only chairman execute function\n modifier onlyChairman {\n require(msg.sender == chairmanAddress);\n _;\n }\n\n\n /**\n * Constructor\n *\n * First time rules setup \n */\n constructor() payable public {\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n\n /**\n * Initialize contract\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function init(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(!initialized);\n initialized = true;\n 
changeVotingRules(_tokenAddress, _chairmanAddress, _minimumTokensToVote, _minimumPercentToPassAVote, _minutesForDebate);\n emit Initialized();\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n\n /**\n * Change voting rules\n *\n * Make so that proposals need to be discussed for at least `minutesForDebate/60` hours\n * and all voters combined must own more than `minimumPercentToPassAVote` multiplied by total supply tokens of `tokenAddress` to be executed\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function changeVotingRules(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(_chairmanAddress != address(0));\n require(_minimumPercentToPassAVote <= 51);\n tokenAddress = Token(_tokenAddress);\n chairmanAddress = _chairmanAddress;\n if (_minimumTokensToVote == 0 ) _minimumTokensToVote = 1;\n minimumTokensToVote = _minimumTokensToVote;\n if (_minimumPercentToPassAVote == 0 ) _minimumPercentToPassAVote = 51;\n minimumQuorum = _minimumPercentToPassAVote;\n debatingPeriodInMinutes = _minutesForDebate;\n emit ChangeOfRules(_minimumTokensToVote, minimumQuorum, debatingPeriodInMinutes, address(tokenAddress), chairmanAddress);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() 
public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n\n /**\n * Add Proposal\n *\n * Propose to execute transaction\n *\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionDescription Description of transaction\n * @param transactionBytecode bytecode of transaction\n */\n function newProposal(\n address destination,\n uint weiAmount,\n string memory transactionDescription,\n bytes memory transactionBytecode\n )\n onlyTokenholders public\n returns (uint proposalID)\n {\n proposalID = proposals.length++;\n Proposal storage p = proposals[proposalID];\n p.recipient = destination;\n p.signedByChairman = false;\n p.amount = weiAmount;\n p.description = transactionDescription;\n p.proposalHash = keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n p.minExecutionDate = now + debatingPeriodInMinutes * 1 minutes;\n p.executed = false;\n p.proposalPassed = false;\n p.numberOfVotes = 0;\n emit ProposalAdded(proposalID, destination, weiAmount, transactionDescription);\n numProposals = proposalID+1;\n\n return proposalID;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n\n /**\n * Check if a proposal code matches\n *\n * @param proposalNumber ID number of the proposal to query\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionBytecode bytecode of transaction\n */\n function checkProposalCode(\n uint proposalNumber,\n address destination,\n uint weiAmount,\n bytes memory transactionBytecode\n )\n view public\n returns (bool codeChecksOut)\n {\n Proposal storage p = proposals[proposalNumber];\n return p.proposalHash == keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n\n /**\n * Sign a proposal\n *\n * Vote `supportsProposal? in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param signProposal true for sign\n */\n function sign(\n uint proposalNumber,\n bool signProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n require(initialized);\n Proposal storage p = proposals[proposalNumber];\n require(msg.sender == chairmanAddress);\n require(signProposal == true);\n\n p.signedByChairman = signProposal;\n emit ProposalSignedByChairman(proposalNumber, signProposal, msg.sender);\n return proposalNumber;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n\n /**\n * Log a vote for a proposal\n *\n * Vote `supportsProposal? 
in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param supportsProposal either in favor or against it\n */\n function vote(\n uint proposalNumber,\n bool supportsProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n Proposal storage p = proposals[proposalNumber];\n require(p.voted[msg.sender] != true);\n\n voteID = p.votes.length++;\n p.votes[voteID] = Vote({inSupport: supportsProposal, voter: msg.sender});\n p.voted[msg.sender] = true;\n p.numberOfVotes = voteID +1;\n emit Voted(proposalNumber, supportsProposal, msg.sender);\n return voteID;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * Finish vote\n *\n * Count the votes proposal #`proposalNumber` and execute it if approved\n *\n * @param proposalNumber proposal number\n * @param transactionBytecode optional: if the transaction contained a bytecode, you need to send it\n */\n function executeProposal(uint proposalNumber, bytes memory transactionBytecode) public {\n Proposal storage p = proposals[proposalNumber];\n\n require(initialized);\n require(now > p.minExecutionDate // If it is past the voting deadline\n && !p.executed // and it has not already been executed\n && p.proposalHash == keccak256(abi.encodePacked(p.recipient, p.amount, transactionBytecode))); // and the supplied code matches the proposal...\n\n\n // ...then tally the results\n uint quorum = 0;\n uint yea = 0;\n uint nay = 0;\n\n for (uint i = 0; i < p.votes.length; ++i) {\n Vote storage v = p.votes[i];\n uint voteWeight = tokenAddress.actualBalanceOf(v.voter);\n quorum += voteWeight;\n if (v.inSupport) {\n yea += voteWeight;\n } else {\n nay += voteWeight;\n }\n }\n\n Token t = Token(tokenAddress);\n require(quorum >= 
t.totalSupply().mul(minimumQuorum).div(100)); // Check if a minimum quorum has been reached\n\n if (yea > nay ) {\n // Proposal passed; execute the transaction\n\n p.executed = true;\n \n (bool success, ) = p.recipient.call.value(p.amount)(transactionBytecode);\n require(success);\n\n p.proposalPassed = true;\n } else {\n // Proposal failed\n p.proposalPassed = false;\n }\n\n // Fire Events\n emit ProposalTallied(proposalNumber, yea - nay, quorum, p.proposalPassed);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 63\n */\n\npragma solidity ^0.4.19;\n\ncontract MONEY_BOX \n{\n struct Holder \n {\n uint unlockTime;\n uint balance;\n }\n \n mapping (address => Holder) public Acc;\n \n uint public MinSum;\n \n Log LogFile;\n \n bool intitalized;\n \n function SetMinSum(uint _val)\n public\n {\n if(intitalized)throw;\n MinSum = _val;\n }\n \n function SetLogFile(address _log)\n public\n {\n if(intitalized)throw;\n LogFile = Log(_log);\n }\n \n function Initialized()\n public\n {\n intitalized = true;\n }\n \n function Put(uint _lockTime)\n public\n payable\n {\n var acc = Acc[msg.sender];\n acc.balance += msg.value;\n if(now+_lockTime>acc.unlockTime)acc.unlockTime=now+_lockTime;\n LogFile.AddMessage(msg.sender,msg.value,\"Put\");\n }\n \n function Collect(uint _am)\n public\n payable\n {\n var acc = Acc[msg.sender];\n if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n acc.balance-=_am;\n LogFile.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n \n function() \n public \n payable\n {\n Put(0);\n }\n \n}\n\n\ncontract Log \n{\n 
struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_8.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\ncontract Ownable {\nmapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n address public owner;\n\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor () public {\n owner = msg.sender;\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n}\n\ncontract TokenERC20 {\n // Public variables of the token\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n string public name;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n string public symbol;\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint256 public totalSupply;\n\n // This creates an array with all balances\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n mapping (address => uint256) public balanceOf;\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. 
Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value > balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` in behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens in your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n /**\n * Set allowance for other address and notify\n \n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the 
sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n}\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract YFT is Ownable, TokenERC20 {\n\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n uint256 public sellPrice;\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n uint256 public buyPrice;\n\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n mapping (address => bool) public frozenAccount;\n\n /* This generates a public event on the blockchain that will notify clients */\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event FrozenFunds(address target, bool frozen);\n\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {}\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n /* Internal transfer, only can be called by this contract */\n function _transfer(address _from, address _to, uint _value) internal {\n require (_to != address(0x0)); // Prevent transfer to 0x0 address. Use burn() instead\n require (balanceOf[_from] >= _value); // Check if the sender has enough\n require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows\n require(!frozenAccount[_from]); // Check if sender is frozen\n require(!frozenAccount[_to]); // Check if recipient is frozen\n balanceOf[_from] -= _value; // Subtract from the sender\n balanceOf[_to] += _value; // Add the same to the recipient\n emit Transfer(_from, _to, _value);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /// @notice Create `mintedAmount` tokens and send it to `target`\n /// @param target Address to receive the tokens\n /// @param mintedAmount the amount of tokens it will receive\n function mintToken(address target, uint256 mintedAmount) onlyOwner public {\n balanceOf[target] += mintedAmount;\n totalSupply += mintedAmount;\n emit Transfer(address(0), address(this), mintedAmount);\n emit Transfer(address(this), target, mintedAmount);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens\n /// @param target Address to be frozen\n /// @param freeze either to freeze it or not\n function freezeAccount(address target, bool freeze) onlyOwner public {\n frozenAccount[target] = freeze;\n emit FrozenFunds(target, freeze);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth\n /// @param newSellPrice Price the users can sell to the contract\n /// @param newBuyPrice Price users can buy from the contract\n function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public {\n sellPrice = newSellPrice;\n buyPrice = newBuyPrice;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); 
//bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /// @notice Buy tokens from contract by sending ether\n function buy() payable public {\n uint amount = msg.value / buyPrice; // calculates the amount\n _transfer(address(this), msg.sender, amount); // makes the transfers\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /// @notice Sell `amount` tokens to contract\n /// @param amount amount of tokens to be sold\n function sell(uint256 amount) public {\n address myAddress = address(this);\n require(myAddress.balance >= amount * sellPrice); // checks if the contract has enough ether to buy\n _transfer(msg.sender, address(this), amount); // makes the transfers\n msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n}"
+ },
+ {
+ "contract": "buggy_9.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n/**\n * @title SafeMath\n * Math operations with safety checks that throw on error\n */\nlibrary SafeMath {\n\n /**\n * Multiplies two numbers, throws on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {\n if (a == 0) {\n return 0;\n }\n c = a * b;\n assert(c / a == b);\n return c;\n }\n\n /**\n * Integer division of two numbers, truncating the quotient.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // assert(b > 0); // Solidity automatically throws when dividing by 0\n // uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n return a / b;\n }\n\n /**\n * Subtracts two numbers, throws on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n /**\n * Adds two numbers, throws on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256 c) {\n c = a + b;\n assert(c >= a);\n return c;\n }\n}\n\n\ncontract Ownable {\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n}\n\ncontract TokenERC20 is Ownable {\n using SafeMath for uint256;\n\n // Public variables of the token\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n string public name;\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n string public symbol;\n address payable lastPlayer_re_ent9;\n uint 
jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint8 public decimals;\n\n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n uint256 private _totalSupply;\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n uint256 public cap;\n\n // This creates an array with all balances\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n mapping (address => uint256) private _balances;\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\n // This generates a public event on the blockchain that will notify clients\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n // This generates a public event on the blockchain that will notify clients\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Mint(address indexed to, uint256 amount);\n\n /**\n * @dev Fix for the ERC20 short address attack.\n */\n modifier onlyPayloadSize(uint size) {\n require(msg.data.length >= size + 4);\n _;\n }\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 _cap,\n uint256 _initialSupply,\n string memory _name,\n string memory _symbol,\n uint8 _decimals\n ) public {\n require(_cap >= _initialSupply);\n\n cap = _cap;\n name = _name; // Set the cap of total supply\n symbol = _symbol; // Set the symbol for display purposes\n decimals = _decimals; // Set the decimals\n\n _totalSupply = _initialSupply; // Update total supply with the decimal amount\n _balances[owner] = _totalSupply; // Give the creator all initial tokens\n emit Transfer(address(0), owner, _totalSupply);\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n 
require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n /**\n * Total number of tokens in existence.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n /**\n * Gets the balance of the specified address.\n * @param _owner The address to query the balance of.\n * @return A uint256 representing the amount owned by the passed address.\n */\n function balanceOf(address _owner) public view returns (uint256) {\n return _balances[_owner];\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n /**\n * Function to check the amount of tokens that an owner allowed to a spender.\n * @param _owner address The address which owns the funds.\n * @param _spender address The address which will spend the funds.\n * @return A uint256 specifying the amount of tokens still available for the spender.\n */\n function allowance(address _owner, address _spender) public view returns (uint256) {\n return _allowed[_owner][_spender];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n /**\n * Transfer token to a specified address.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) public returns (bool) {\n 
_transfer(msg.sender, _to, _value);\n return true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /**\n * Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.\n * Beware that changing an allowance with this method brings the risk that someone may use both the old\n * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this\n * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n * @param _spender The address which will spend the funds.\n * @param _value The amount of tokens to be spent.\n */\n function approve(address _spender, uint256 _value) public returns (bool) {\n _approve(msg.sender, _spender, _value);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * Transfer tokens from one address to another.\n * Note that while this function emits an Approval event, this is not required as per the specification,\n * and other compliant implementations may not emit the event.\n * @param _from address The address which you want to send tokens from\n * @param _to address The address which you want to transfer to\n * @param _value uint256 the amount of tokens to be transferred\n */\n function transferFrom(address _from, address _to, uint256 _value) onlyPayloadSize(3 * 32) public returns (bool) {\n _transfer(_from, _to, _value);\n _approve(_from, msg.sender, _allowed[_from][msg.sender].sub(_value));\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () 
public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * Transfer token for a specified addresses.\n * @param _from The address to transfer from.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function _transfer(address _from, address _to, uint256 _value) internal {\n require(_to != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[_from] = _balances[_from].sub(_value);\n _balances[_to] = _balances[_to].add(_value);\n emit Transfer(_from, _to, _value);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /**\n * Approve an address to spend another addresses' tokens.\n * @param _owner The address that owns the tokens.\n * @param _spender The address that will spend the tokens.\n * @param _value The number of tokens that can be spent.\n */\n function _approve(address _owner, address _spender, uint256 _value) internal {\n require(_owner != address(0), \"ERC20: approve from the zero address\");\n require(_spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowed[_owner][_spender] = _value;\n emit Approval(_owner, _spender, _value);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /**\n * Function to mint tokens\n * @param _to The address that will receive the minted tokens.\n * @param _amount The amount of tokens to mint.\n * @return A boolean that indicates if the operation was successful.\n */\n function mint(address _to, uint256 
_amount) onlyOwner public returns (bool) {\n require(_totalSupply.add(_amount) <= cap);\n\n _totalSupply = _totalSupply.add(_amount);\n _balances[_to] = _balances[_to].add(_amount);\n emit Mint(_to, _amount);\n emit Transfer(address(0), _to, _amount);\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n /**\n * Transfer token to servral addresses.\n * @param _tos The addresses to transfer to.\n * @param _values The amounts to be transferred.\n */\n function transferBatch(address[] memory _tos, uint256[] memory _values) public returns (bool) {\n require(_tos.length == _values.length);\n\n for (uint256 i = 0; i < _tos.length; i++) {\n transfer(_tos[i], _values[i]);\n }\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n}\n\n/******************************************/\n/* XLToken TOKEN STARTS HERE */\n/******************************************/\n\ncontract XLToken is TokenERC20 {\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor() TokenERC20(18*10**16, 12*10**16, \"XL Token\", \"XL\", 8) public {}\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}"
+ },
+ {
+ "contract": "0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 41\n */\n\npragma solidity ^0.4.19;\n\ncontract ETH_VAULT\n{\n mapping (address => uint) public balances;\n \n uint public MinDeposit = 1 ether;\n \n Log TransferLog;\n \n function ETH_VAULT(address _log)\n public \n {\n TransferLog = Log(_log);\n }\n \n function Deposit()\n public\n payable\n {\n if(msg.value > MinDeposit)\n {\n balances[msg.sender]+=msg.value;\n TransferLog.AddMessage(msg.sender,msg.value,\"Deposit\");\n }\n }\n \n function CashOut(uint _am)\n public\n payable\n {\n if(_am<=balances[msg.sender])\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n TransferLog.AddMessage(msg.sender,_am,\"CashOut\");\n }\n }\n }\n \n function() public payable{} \n \n}\n\ncontract Log \n{\n \n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "0x561eac93c92360949ab1f1403323e6db345cbf31.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 54\n */\n\npragma solidity ^0.4.19;\n\ncontract BANK_SAFE\n{\n mapping (address=>uint256) public balances; \n \n uint public MinSum;\n \n LogFile Log;\n \n bool intitalized;\n \n function SetMinSum(uint _val)\n public\n {\n if(intitalized)throw;\n MinSum = _val;\n }\n \n function SetLogFile(address _log)\n public\n {\n if(intitalized)throw;\n Log = LogFile(_log);\n }\n \n function Initialized()\n public\n {\n intitalized = true;\n }\n \n function Deposit()\n public\n payable\n {\n 
balances[msg.sender]+= msg.value;\n Log.AddMessage(msg.sender,msg.value,\"Put\");\n }\n \n function Collect(uint _am)\n public\n payable\n {\n if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n Log.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n \n function() \n public \n payable\n {\n Deposit();\n }\n \n}\n\n\n\ncontract LogFile\n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "reentrancy_insecure.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/\n * @author: consensys\n * @vulnerable_at_lines: 17\n */\n\npragma solidity ^0.5.0;\n\ncontract Reentrancy_insecure {\n\n // INSECURE\n mapping (address => uint) private userBalances;\n\n function withdrawBalance() public {\n uint amountToWithdraw = userBalances[msg.sender];\n // REENTRANCY\n (bool success, ) = msg.sender.call.value(amountToWithdraw)(\"\"); // At this point, the caller's code is executed, and can call withdrawBalance again\n require(success);\n userBalances[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_50.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11;\n\ncontract digitalNotary\n{\n \n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n address payable private manager;\n \n mapping(address => uint) 
balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n bool private contractactive;\n \n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n uint private hashfee;\n \n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n uint private changehashownerfee;\n \n struct HashRegistration \n {\n address owner;\n uint registrationtime;\n }\n \n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n mapping(bytes32 => HashRegistration[]) HashList;\n \n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n uint private HashListLength;\n \n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= 
_weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event RegisterHashEvent(address indexed msgsender, bytes32 indexed hash, uint timestamp);\n \n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event ChangeHashOwnershipEvent(address indexed msgsender, address indexed newowner, bytes32 indexed hash, uint timestamp);\n \n constructor() public\n {\n\n manager = msg.sender;\n \n contractactive = true;\n \n hashfee = 5000000000000000;\n \n changehashownerfee = 25000000000000000;\n \n HashListLength = 0;\n \n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n \n modifier onlyManager()\n {\n require(msg.sender == manager);\n _;\n }\n \n \n function gethashfee() external view returns(uint)\n {\n return hashfee;\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n \n function sethashfee(uint newfee) external onlyManager\n {\n require(newfee >= 0);\n \n hashfee = newfee;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n \n function getchangehashownerfee() external view returns(uint)\n {\n return changehashownerfee;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n \n function setchangehashownerfee(uint newfee) external onlyManager\n {\n require(newfee >= 0);\n \n changehashownerfee = newfee;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n \n function getcontractactive() external view returns (bool)\n {\n return contractactive;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n \n function setcontractactive(bool contactive) external onlyManager\n {\n contractactive = contactive;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n \n function getmanager() external view returns(address)\n {\n return manager;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n \n function setmanager(address payable newmngr) external onlyManager\n {\n require(newmngr.balance > 0);\n manager = newmngr;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n function getcontractbalance() public view returns(uint)\n {\n \n return address(this).balance;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n \n function transfercontractbalance() external onlyManager\n {\n uint cb = address(this).balance;\n \n require(cb > 0);\n \n manager.transfer(cb);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n function getHashOwnersCount(bytes32 hash) public view returns(uint)\n {\n return HashList[hash].length;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n \n function getNumberofHashesRegistered() external 
view returns(uint)\n {\n return HashListLength;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n function getHashDetails(bytes32 hash,uint indx) external view returns (address,uint)\n {\n\n uint owncount = getHashOwnersCount(hash);\n require(owncount > 0);\n require(indx < owncount);\n \n return (HashList[hash][indx].owner,HashList[hash][indx].registrationtime);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n \n function registerHash(bytes32 hash) external payable\n {\n \n require(contractactive == true);\n require(getHashOwnersCount(hash) == 0);\n require(msg.value == hashfee);\n \n HashRegistration memory thisregistration;\n thisregistration.owner = msg.sender;\n thisregistration.registrationtime = now;\n \n HashList[hash].push(thisregistration);\n \n HashListLength++;\n \n emit RegisterHashEvent(thisregistration.owner, hash, thisregistration.registrationtime);\n \n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n function changeHashOwnership(bytes32 hash, address newowner) external payable\n {\n \n require(contractactive == true);\n uint owncount = getHashOwnersCount(hash);\n require(owncount > 0);\n require(msg.sender == HashList[hash][owncount - 1].owner); \n require(msg.value == changehashownerfee);\n \n HashRegistration memory thisregistration;\n thisregistration.owner = newowner;\n thisregistration.registrationtime = now;\n \n HashList[hash].push(thisregistration);\n \n emit ChangeHashOwnershipEvent(msg.sender, thisregistration.owner, hash, thisregistration.registrationtime);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n \n function () external\n {\n \t\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n}\n"
+ },
+ {
+ "contract": "reentrancy_bonus.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/\n * @author: consensys\n * @vulnerable_at_lines: 28\n */\n\npragma solidity ^0.4.0;\n\ncontract Reentrancy_bonus{\n\n // INSECURE\n mapping (address => uint) private userBalances;\n mapping (address => bool) private claimedBonus;\n mapping (address => uint) private rewardsForA;\n\n function withdrawReward(address recipient) public {\n uint amountToWithdraw = rewardsForA[recipient];\n rewardsForA[recipient] = 0;\n (bool success, ) = recipient.call.value(amountToWithdraw)(\"\");\n require(success);\n }\n\n function getFirstWithdrawalBonus(address recipient) public {\n require(!claimedBonus[recipient]); // Each recipient should only be able to claim the bonus once\n\n rewardsForA[recipient] += 100;\n // REENTRANCY\n withdrawReward(recipient); // At this point, the caller will be able to execute getFirstWithdrawalBonus again.\n claimedBonus[recipient] = true;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_15.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, April 30, 2019\n (UTC) */\n\npragma solidity ^0.5.7;\n\ninterface tokenRecipient { \n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\ncontract MD{\n // Public variables of the token\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n string public name;\n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n string public symbol;\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n mapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n uint256 public totalSupply;\n\n // This creates an array with all balances\n uint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n mapping (address => uint256) public balanceOf;\n address payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. 
They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function 
approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /**\n * Set allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}"
+ },
+ {
+ "contract": "0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 54\n */\n\npragma solidity ^0.4.19;\n\ncontract PERSONAL_BANK\n{\n mapping (address=>uint256) public balances; \n \n uint public MinSum = 1 ether;\n \n LogFile Log = LogFile(0x0486cF65A2F2F3A392CBEa398AFB7F5f0B72FF46);\n \n bool intitalized;\n \n function SetMinSum(uint _val)\n public\n {\n if(intitalized)revert();\n MinSum = _val;\n }\n \n function SetLogFile(address _log)\n public\n {\n if(intitalized)revert();\n Log = LogFile(_log);\n }\n \n function Initialized()\n public\n {\n intitalized = true;\n }\n \n function Deposit()\n public\n payable\n {\n balances[msg.sender]+= msg.value;\n Log.AddMessage(msg.sender,msg.value,\"Put\");\n }\n \n function Collect(uint _am)\n public\n payable\n {\n if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n Log.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n \n function() \n public \n payable\n {\n Deposit();\n }\n \n}\n\n\n\ncontract LogFile\n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_16.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-28\n*/\n\n/*\n * website: https://exclusiveplatform.com\n*/\n\npragma solidity ^0.5.11;\n\n/**\n * @title SafeMath\n */\nlibrary SafeMath {\n\n /**\n * @dev Multiplies two numbers, throws on overflow.\n */\n function mul(uint a, uint b) internal pure returns (uint c) 
{\n c = a * b;\n require(a == 0 || c / a == b);\n }\n\n /**\n * @dev Integer division of two numbers, truncating the quotient.\n */\n function div(uint a, uint b) internal pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\n\n /**\n * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint a, uint b) internal pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\n\n /**\n * @dev Adds two numbers, throws on overflow.\n */\n function add(uint a, uint b) internal pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\n}\n\n\ncontract ERC20Interface {\n function totalSupply() public view returns (uint256);\nuint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n function balanceOf(address tokenOwner) public view returns (uint256 balance);\nmapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n function allowance(address tokenOwner, address spender) public view returns (uint256 remaining);\nmapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n function transfer(address to, uint256 tokens) public returns (bool success);\nmapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n function approve(address spender, uint256 tokens) public returns (bool success);\nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n function transferFrom(address from, address to, uint256 tokens) public returns (bool success);\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n\n uint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event Transfer(address indexed from, address indexed to, uint256 tokens);\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event Approval(address indexed tokenOwner, address indexed spender, uint256 tokens);\n}\n\n\ncontract Owned {\n mapping(address => uint) redeemableEther_re_ent18;\nfunction claimReward_re_ent18() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent18[msg.sender] > 0);\n uint transferValue_re_ent18 = redeemableEther_re_ent18[msg.sender];\n msg.sender.transfer(transferValue_re_ent18); //bug\n redeemableEther_re_ent18[msg.sender] = 0;\n }\n address payable public owner;\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor() public {\n owner = msg.sender;\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address payable newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n}\n\ncontract ExclusivePlatform is ERC20Interface, Owned {\n \n using SafeMath for uint256;\n \n mapping(address => uint) balances_re_ent29;\n function withdraw_balances_re_ent29 () public {\n if (msg.sender.send(balances_re_ent29[msg.sender ]))\n balances_re_ent29[msg.sender] = 0;\n }\n mapping (address => uint256) balances;\n bool not_called_re_ent6 = true;\nfunction bug_re_ent6() public{\n require(not_called_re_ent6);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent6 = false;\n }\n mapping (address => mapping (address => uint256)) allowed;\n\n address payable lastPlayer_re_ent16;\n uint jackpot_re_ent16;\n\t function buyTicket_re_ent16() public{\n\t if (!(lastPlayer_re_ent16.send(jackpot_re_ent16)))\n revert();\n lastPlayer_re_ent16 = msg.sender;\n jackpot_re_ent16 = address(this).balance;\n }\n string public name = \"Exclusive Platform\";\n mapping(address => uint) balances_re_ent24;\nfunction withdrawFunds_re_ent24 (uint256 _weiToWithdraw) public {\n require(balances_re_ent24[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent24[msg.sender] -= _weiToWithdraw;\n }\n string public symbol = \"XPL\";\n mapping(address => uint) userBalance_re_ent5;\nfunction withdrawBalance_re_ent5() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent5[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent5[msg.sender] = 0;\n }\n uint256 public decimals = 8;\n mapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n uint256 public _totalSupply;\n \n uint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n uint256 public XPLPerEther = 8000000e8;\n uint256 public minimumBuy = 1 ether / 100;\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n bool public crowdsaleIsOn = true;\n \n //mitigates the ERC20 short address attack\n //suggested by izqui9 @ http://bit.ly/2NMMCNv\n modifier onlyPayloadSize(uint size) {\n assert(msg.data.length >= size + 4);\n _;\n }\n\n constructor () public {\n _totalSupply = 10000000000e8;\n balances[owner] = _totalSupply;\n emit Transfer(address(0), owner, _totalSupply);\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n \n function updateXPLPerEther(uint _XPLPerEther) public onlyOwner { \n emit NewPrice(owner, XPLPerEther, 
_XPLPerEther);\n XPLPerEther = _XPLPerEther;\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function switchCrowdsale() public onlyOwner {\n crowdsaleIsOn = !(crowdsaleIsOn);\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n \n function getBonus(uint256 _amount) internal view returns (uint256) {\n if (_amount >= XPLPerEther.mul(5)) {\n /*\n * 20% bonus for 5 eth above\n */\n return ((20 * _amount).div(100)).add(_amount); \n } else if (_amount >= XPLPerEther) {\n /*\n * 5% bonus for 1 eth above\n */\n return ((5 * _amount).div(100)).add(_amount); \n }\n return _amount;\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n \n function () payable external {\n require(crowdsaleIsOn && msg.value >= minimumBuy);\n \n uint256 totalBuy = (XPLPerEther.mul(msg.value)).div(1 ether);\n totalBuy = getBonus(totalBuy);\n \n doTransfer(owner, msg.sender, totalBuy);\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n \n function 
distribute(address[] calldata _addresses, uint256 _amount) external { \n for (uint i = 0; i < _addresses.length; i++) {transfer(_addresses[i], _amount);}\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n \n function distributeWithAmount(address[] calldata _addresses, uint256[] calldata _amounts) external {\n require(_addresses.length == _amounts.length);\n for (uint i = 0; i < _addresses.length; i++) {transfer(_addresses[i], _amounts[i]);}\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n /// @dev This is the actual transfer function in the token contract, it can\n /// only be called by other functions in this contract.\n /// @param _from The address holding the tokens being transferred\n /// @param _to The address of the recipient\n /// @param _amount The amount of tokens to be transferred\n /// @return True if the transfer was successful\n function doTransfer(address _from, address _to, uint _amount) internal {\n // Do not allow transfer to 0x0 or the token contract itself\n require((_to != address(0)));\n require(_amount <= balances[_from]);\n balances[_from] = balances[_from].sub(_amount);\n balances[_to] = balances[_to].add(_amount);\n emit Transfer(_from, _to, _amount);\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n \n function balanceOf(address _owner) view public returns (uint256) {\n return balances[_owner];\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n \n function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) {\n doTransfer(msg.sender, _to, _amount);\n return true;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n /// @return The balance of `_owner`\n function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) {\n require(allowed[_from][msg.sender] >= _amount);\n allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount);\n doTransfer(_from, _to, _amount);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n /// @notice `msg.sender` approves `_spender` to spend `_amount` tokens on\n /// its behalf. 
This is a modified version of the ERC20 approve function\n /// to be a little bit safer\n /// @param _spender The address of the account able to transfer the tokens\n /// @param _amount The amount of tokens to be approved for transfer\n /// @return True if the approval was successful\n function approve(address _spender, uint256 _amount) public returns (bool success) {\n // To change the approve amount you first have to reduce the addresses`\n // allowance to zero by calling `approve(_spender,0)` if it is not\n // already 0 to mitigate the race condition described here:\n // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n require((_amount == 0) || (allowed[msg.sender][_spender] == 0));\n allowed[msg.sender][_spender] = _amount;\n emit Approval(msg.sender, _spender, _amount);\n return true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n \n function allowance(address _owner, address _spender) view public returns (uint256) {\n return allowed[_owner][_spender];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n \n function transferEther(address payable _receiver, uint256 _amount) public onlyOwner {\n require(_amount <= address(this).balance);\n emit TransferEther(address(this), _receiver, _amount);\n _receiver.transfer(_amount);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n function withdrawFund() onlyOwner public {\n uint256 balance = address(this).balance;\n owner.transfer(balance);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n \n function burn(uint256 _value) onlyOwner public {\n require(_value <= balances[msg.sender]);\n address burner = msg.sender;\n balances[burner] = balances[burner].sub(_value);\n _totalSupply = _totalSupply.sub(_value);\n emit Burn(burner, _value);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n \n function getForeignTokenBalance(address tokenAddress, address who) view public returns (uint){\n ERC20Interface token = ERC20Interface(tokenAddress);\n uint bal = token.balanceOf(who);\n return bal;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n \n function withdrawForeignTokens(address tokenAddress) onlyOwner public returns (bool) {\n ERC20Interface token = ERC20Interface(tokenAddress);\n uint256 amount = token.balanceOf(address(this));\n return token.transfer(owner, amount);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n bool not_called_re_ent27 = true;\nfunction 
bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event TransferEther(address indexed _from, address indexed _to, uint256 _value);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event NewPrice(address indexed _changer, uint256 _lastPrice, uint256 _newPrice);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Burn(address indexed _burner, uint256 value);\n\n}\n" + }, + { + "contract": "0x8c7777c45481dba411450c228cb692ac3d550344.sol", + "label": "reentrancy", + "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 41\n */\n \npragma solidity ^0.4.19;\n\ncontract ETH_VAULT\n{\n mapping (address => uint) public balances;\n \n Log TransferLog;\n \n uint public MinDeposit = 1 ether;\n \n function ETH_VAULT(address _log)\n public \n {\n TransferLog = Log(_log);\n }\n \n function Deposit()\n public\n payable\n {\n if(msg.value > MinDeposit)\n {\n balances[msg.sender]+=msg.value;\n TransferLog.AddMessage(msg.sender,msg.value,\"Deposit\");\n }\n }\n \n function CashOut(uint _am)\n public\n payable\n {\n if(_am<=balances[msg.sender])\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n TransferLog.AddMessage(msg.sender,_am,\"CashOut\");\n }\n }\n }\n \n function() public payable{} \n \n}\n\ncontract Log \n{\n \n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint 
_val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}" + }, + { + "contract": "buggy_44.sol", + "label": "reentrancy", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\n\ncontract EventMetadata {\n\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event MetadataSet(bytes metadata);\n\n // state functions\n\n function _setMetadata(bytes memory metadata) internal {\n emit MetadataSet(metadata);\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n}\n\n\n\ncontract Operated {\n\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n address private _operator;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n bool private _status;\n\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event OperatorUpdated(address operator, bool status);\n\n // state functions\n\n function _setOperator(address operator) internal {\n require(_operator != operator, \"cannot set same operator\");\n _operator = operator;\n emit OperatorUpdated(operator, hasActiveOperator());\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n function _transferOperator(address operator) internal {\n // transferring operator-ship implies there was an operator set before this\n require(_operator != address(0), \"operator not set\");\n _setOperator(operator);\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n function _renounceOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _operator = address(0);\n _status = false;\n emit OperatorUpdated(address(0), false);\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n function _activateOperator() internal {\n require(!hasActiveOperator(), \"only when operator not active\");\n _status = true;\n emit OperatorUpdated(_operator, true);\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function _deactivateOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _status = false;\n emit OperatorUpdated(_operator, false);\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n 
balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n // view functions\n\n function getOperator() public view returns (address operator) {\n operator = _operator;\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n function isOperator(address caller) public view returns (bool ok) {\n return (caller == getOperator());\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n function hasActiveOperator() public view returns (bool ok) {\n return _status;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function isActiveOperator(address caller) public view returns (bool ok) {\n return (isOperator(caller) && hasActiveOperator());\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n}\n\n\n\ncontract ProofHashes {\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event HashFormatSet(uint8 hashFunction, uint8 digestSize);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event HashSubmitted(bytes32 hash);\n\n // state functions\n\n function _setMultiHashFormat(uint8 hashFunction, uint8 digestSize) internal {\n // emit event\n emit HashFormatSet(hashFunction, digestSize);\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function _submitHash(bytes32 hash) internal {\n // emit event\n emit HashSubmitted(hash);\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n}\n\n\n\n/**\n * @title MultiHashWrapper\n * @dev Contract that handles multi hash data structures and encoding/decoding\n * Learn more here: https://github.com/multiformats/multihash\n */\ncontract MultiHashWrapper {\n\n // bytes32 hash first to fill the first storage slot\n struct MultiHash {\n bytes32 hash;\n uint8 hashFunction;\n uint8 digestSize;\n }\n\n /**\n * @dev Given a multihash struct, returns the full base58-encoded hash\n * @param multihash MultiHash struct 
that has the hashFunction, digestSize and the hash\n * @return the base58-encoded full hash\n */\n function _combineMultiHash(MultiHash memory multihash) internal pure returns (bytes memory) {\n bytes memory out = new bytes(34);\n\n out[0] = byte(multihash.hashFunction);\n out[1] = byte(multihash.digestSize);\n\n uint8 i;\n for (i = 0; i < 32; i++) {\n out[i+2] = multihash.hash[i];\n }\n\n return out;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n /**\n * @dev Given a base58-encoded hash, divides into its individual parts and returns a struct\n * @param source base58-encoded hash\n * @return MultiHash that has the hashFunction, digestSize and the hash\n */\n function _splitMultiHash(bytes memory source) internal pure returns (MultiHash memory) {\n require(source.length == 34, \"length of source must be 34\");\n\n uint8 hashFunction = uint8(source[0]);\n uint8 digestSize = uint8(source[1]);\n bytes32 hash;\n\n assembly {\n hash := mload(add(source, 34))\n }\n\n return (MultiHash({\n hashFunction: hashFunction,\n digestSize: digestSize,\n hash: hash\n }));\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n}\n\n\n/* TODO: Update eip165 interface\n * bytes4(keccak256('create(bytes)')) == 0xcf5ba53f\n * bytes4(keccak256('getInstanceType()')) == 0x18c2f4cf\n * bytes4(keccak256('getInstanceRegistry()')) == 0xa5e13904\n * bytes4(keccak256('getImplementation()')) == 0xaaf10f42\n *\n * => 0xcf5ba53f ^ 0x18c2f4cf ^ 
0xa5e13904 ^ 0xaaf10f42 == 0xd88967b6\n */\n interface iFactory {\n\n event InstanceCreated(address indexed instance, address indexed creator, string initABI, bytes initData);\n\n function create(bytes calldata initData) external returns (address instance);\n function createSalty(bytes calldata initData, bytes32 salt) external returns (address instance);\n function getInitSelector() external view returns (bytes4 initSelector);\n function getInstanceRegistry() external view returns (address instanceRegistry);\n function getTemplate() external view returns (address template);\n function getSaltyInstance(bytes calldata, bytes32 salt) external view returns (address instance);\n function getNextInstance(bytes calldata) external view returns (address instance);\n\n function getInstanceCreator(address instance) external view returns (address creator);\n function getInstanceType() external view returns (bytes4 instanceType);\n function getInstanceCount() external view returns (uint256 count);\n function getInstance(uint256 index) external view returns (address instance);\n function getInstances() external view returns (address[] memory instances);\n function getPaginatedInstances(uint256 startIndex, uint256 endIndex) external view returns (address[] memory instances);\n }\n\n\n\ncontract Template {\n\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n address private _factory;\n\n // modifiers\n\n modifier initializeTemplate() {\n // set factory\n _factory = msg.sender;\n\n // only allow function to be delegatecalled from within a constructor.\n uint32 codeSize;\n assembly { codeSize := extcodesize(address) }\n require(codeSize == 0, \"must be called within contract constructor\");\n _;\n }\n\n // view functions\n\n function getCreator() public view returns (address creator) {\n // iFactory(...) 
would revert if _factory address is not actually a factory contract\n creator = iFactory(_factory).getInstanceCreator(address(this));\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function isCreator(address caller) public view returns (bool ok) {\n ok = (caller == getCreator());\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function getFactory() public view returns (address factory) {\n factory = _factory;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n}\n\n\n\n\n\n\n\ncontract Feed is ProofHashes, MultiHashWrapper, Operated, EventMetadata, Template {\n\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Initialized(address operator, bytes multihash, bytes metadata);\n\n function initialize(\n address operator,\n bytes memory multihash,\n bytes memory metadata\n ) public initializeTemplate() {\n // set operator\n if (operator != address(0)) {\n Operated._setOperator(operator);\n Operated._activateOperator();\n }\n\n // add multihash to storage\n if (multihash.length != 0) {\n // unpack multihash\n MultiHashWrapper.MultiHash memory multihashObj = MultiHashWrapper._splitMultiHash(multihash);\n\n // set multihash format\n ProofHashes._setMultiHashFormat(multihashObj.hashFunction, multihashObj.digestSize);\n\n // submit hash\n ProofHashes._submitHash(multihashObj.hash);\n }\n\n // set metadata\n if (metadata.length != 0) {\n EventMetadata._setMetadata(metadata);\n }\n\n // log initialization params\n emit Initialized(operator, multihash, metadata);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n // state functions\n\n function submitHash(bytes32 multihash) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // add multihash to storage\n ProofHashes._submitHash(multihash);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function setMetadata(bytes memory metadata) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // set metadata\n EventMetadata._setMetadata(metadata);\n 
}\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function transferOperator(address operator) public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._transferOperator(operator);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n function renounceOperator() public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._renounceOperator();\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n}\n"
+ },
+ {
+ "contract": "0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 29\n */\n\npragma solidity ^0.4.25;\n\ncontract MY_BANK\n{\n function Put(uint _unlockTime)\n public\n payable\n {\n var acc = Acc[msg.sender];\n acc.balance += msg.value;\n acc.unlockTime = _unlockTime>now?_unlockTime:now;\n LogFile.AddMessage(msg.sender,msg.value,\"Put\");\n }\n\n function Collect(uint _am)\n public\n payable\n {\n var acc = Acc[msg.sender];\n if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n acc.balance-=_am;\n LogFile.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n\n function() \n public \n payable\n {\n Put(0);\n }\n\n struct Holder \n {\n uint unlockTime;\n uint balance;\n }\n\n mapping (address => Holder) public Acc;\n\n Log LogFile;\n\n uint public MinSum = 1 ether; \n\n function MY_BANK(address log) public{\n LogFile = Log(log);\n }\n}\n\n\ncontract Log \n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n\n Message[] public History;\n\n Message LastMsg;\n\n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_20.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.10;\n\n/**\n * Copyright \u00a9 2017-2019 Ramp Network sp. 
All rights reserved (MIT License).\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy of this software\n * and associated documentation files (the \"Software\"), to deal in the Software without restriction,\n * including without limitation the rights to use, copy, modify, merge, publish, distribute,\n * sublicense, and/or sell copies of the Software, and to permit persons to whom the Software\n * is furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in all copies\n * or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING\n * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE\n * AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n */\n\n\n/**\n * A standard, simple transferrable contract ownership.\n */\ncontract Ownable {\n\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n address public owner;\n\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event OwnerChanged(address oldOwner, address newOwner);\n\n constructor() internal {\n owner = msg.sender;\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n modifier onlyOwner() {\n require(msg.sender == owner, \"only the owner can call this\");\n _;\n }\n\n function changeOwner(address _newOwner) external onlyOwner {\n owner = _newOwner;\n emit OwnerChanged(msg.sender, _newOwner);\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n}\n\n\n/**\n * A contract that can be stopped/restarted by its owner.\n */\ncontract Stoppable is Ownable {\n\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n bool public isActive = true;\n\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event IsActiveChanged(bool _isActive);\n\n modifier onlyActive() {\n require(isActive, \"contract is stopped\");\n _;\n }\n\n function setIsActive(bool _isActive) external onlyOwner {\n if (_isActive == isActive) return;\n isActive = _isActive;\n emit IsActiveChanged(_isActive);\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n}\n\n/**\n * A simple interface used by the escrows contract (precisely AssetAdapters) to interact\n * with the liquidity pools.\n */\ncontract RampInstantPoolInterface {\n\n uint16 public ASSET_TYPE;\n\n function sendFundsToSwap(uint256 _amount)\n public /*onlyActive onlySwapsContract isWithinLimits*/ returns(bool success);\n\n}\n\n/**\n * An interface of the RampInstantEscrows functions that are used by the liquidity pool contracts.\n * See RampInstantEscrows.sol for more comments.\n */\ncontract RampInstantEscrowsPoolInterface {\n\n uint16 public ASSET_TYPE;\n\n function release(\n address _pool,\n address payable _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n )\n external;\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n } /*statusAtLeast(Status.FINALIZE_ONLY) onlyOracleOrPool(_pool, _oracle)*/\n\n function returnFunds(\n address payable _pool,\n address _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n )\n external;\nmapping(address => uint) 
redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n } /*statusAtLeast(Status.RETURN_ONLY) onlyOracleOrPool(_pool, _oracle)*/\n\n}\n\n/**\n * An abstract Ramp Instant Liquidity Pool. A liquidity provider deploys an instance of this\n * contract, and sends his funds to it. The escrows contract later withdraws portions of these\n * funds to be locked. The owner can withdraw any part of the funds at any time, or temporarily\n * block creating new escrows by stopping the contract.\n *\n * The pool owner can set and update min/max swap amounts, with an upper limit of 2^240 wei/units\n * (see `AssetAdapterWithFees` for more info).\n *\n * The paymentDetailsHash parameters works the same as in the `RampInstantEscrows` contract, only\n * with 0 value and empty transfer title. It describes the bank account where the pool owner expects\n * to be paid, and can be used to validate that a created swap indeed uses the same account.\n *\n * @author Ramp Network sp. 
z o.o.\n */\ncontract RampInstantPool is Ownable, Stoppable, RampInstantPoolInterface {\n\n uint256 constant private MAX_SWAP_AMOUNT_LIMIT = 1 << 240;\n uint16 public ASSET_TYPE;\n\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n address payable public swapsContract;\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n uint256 public minSwapAmount;\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint256 public maxSwapAmount;\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n bytes32 public paymentDetailsHash;\n\n /**\n * Triggered when the pool receives new funds, either a topup, or a returned escrow from an old\n * swaps contract if it was changed. Avilable for ETH, ERC-223 and ERC-777 token pools.\n * Doesn't work for plain ERC-20 tokens, since they don't provide such an interface.\n */\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event ReceivedFunds(address _from, uint256 _amount);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event LimitsChanged(uint256 _minAmount, uint256 _maxAmount);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event SwapsContractChanged(address _oldAddress, address _newAddress);\n\n constructor(\n address payable _swapsContract,\n uint256 _minSwapAmount,\n uint256 _maxSwapAmount,\n bytes32 _paymentDetailsHash,\n uint16 _assetType\n )\n public\n validateLimits(_minSwapAmount, _maxSwapAmount)\n validateSwapsContract(_swapsContract, _assetType)\n {\n swapsContract = _swapsContract;\n paymentDetailsHash = _paymentDetailsHash;\n minSwapAmount = _minSwapAmount;\n maxSwapAmount = _maxSwapAmount;\n ASSET_TYPE = _assetType;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function availableFunds() public view returns (uint256);\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function withdrawFunds(address payable _to, uint256 _amount)\n public /*onlyOwner*/ returns (bool success);\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function withdrawAllFunds(address payable _to) public onlyOwner returns (bool success) {\n return withdrawFunds(_to, availableFunds());\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function setLimits(\n uint256 _minAmount,\n uint256 _maxAmount\n ) public onlyOwner validateLimits(_minAmount, _maxAmount) {\n minSwapAmount = _minAmount;\n maxSwapAmount = _maxAmount;\n emit LimitsChanged(_minAmount, _maxAmount);\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function setSwapsContract(\n address payable _swapsContract\n ) public onlyOwner validateSwapsContract(_swapsContract, ASSET_TYPE) {\n address oldSwapsContract = swapsContract;\n swapsContract = _swapsContract;\n emit SwapsContractChanged(oldSwapsContract, _swapsContract);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); 
//bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function sendFundsToSwap(uint256 _amount)\n public /*onlyActive onlySwapsContract isWithinLimits*/ returns(bool success);\n\n function releaseSwap(\n address payable _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n ) external onlyOwner {\n RampInstantEscrowsPoolInterface(swapsContract).release(\n address(this),\n _receiver,\n _oracle,\n _assetData,\n _paymentDetailsHash\n );\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function returnSwap(\n address _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n ) external onlyOwner {\n RampInstantEscrowsPoolInterface(swapsContract).returnFunds(\n address(this),\n _receiver,\n _oracle,\n _assetData,\n _paymentDetailsHash\n );\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n /**\n * Needed for address(this) to be payable in call to returnFunds.\n * The Eth pool overrides this to not throw.\n */\n function () external payable {\n revert(\"this pool cannot receive ether\");\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n modifier onlySwapsContract() {\n require(msg.sender == swapsContract, \"only the swaps contract can call this\");\n _;\n }\n\n modifier isWithinLimits(uint256 _amount) {\n require(_amount >= minSwapAmount && _amount <= maxSwapAmount, \"amount outside swap limits\");\n _;\n }\n\n modifier validateLimits(uint256 _minAmount, uint256 _maxAmount) {\n require(_minAmount <= _maxAmount, \"min limit over max limit\");\n require(_maxAmount <= MAX_SWAP_AMOUNT_LIMIT, \"maxAmount too high\");\n _;\n }\n\n modifier validateSwapsContract(address payable _swapsContract, uint16 _assetType) {\n require(_swapsContract != address(0), \"null swaps contract address\");\n require(\n RampInstantEscrowsPoolInterface(_swapsContract).ASSET_TYPE() == _assetType,\n \"pool asset type doesn't match swap contract\"\n );\n _;\n }\n\n}\n\n/**\n * A pool that implements handling of ETH assets. See `RampInstantPool`.\n *\n * @author Ramp Network sp. 
z o.o.\n */\ncontract RampInstantEthPool is RampInstantPool {\n\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n uint16 internal constant ETH_TYPE_ID = 1;\n\n constructor(\n address payable _swapsContract,\n uint256 _minSwapAmount,\n uint256 _maxSwapAmount,\n bytes32 _paymentDetailsHash\n )\n public\n RampInstantPool(\n _swapsContract, _minSwapAmount, _maxSwapAmount, _paymentDetailsHash, ETH_TYPE_ID\n )\n {}\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function availableFunds() public view returns(uint256) {\n return address(this).balance;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function withdrawFunds(\n address payable _to,\n uint256 _amount\n ) public onlyOwner returns (bool success) {\n _to.transfer(_amount); // always throws on failure\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function sendFundsToSwap(\n uint256 _amount\n ) public onlyActive onlySwapsContract isWithinLimits(_amount) returns(bool success) {\n swapsContract.transfer(_amount); // always throws on failure\n return true;\n }\nmapping(address => uint) 
balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /**\n * This adapter can receive eth payments, but no other use of the fallback function is allowed.\n */\n function () external payable {\n require(msg.data.length == 0, \"invalid pool function called\");\n if (msg.sender != swapsContract) {\n emit ReceivedFunds(msg.sender, msg.value);\n }\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n}\n"
+ },
+ {
+ "contract": "buggy_29.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.11;\n\n// * Gods Unchained Raffle Token Exchange\n//\n// * Version 1.0\n//\n// * A dedicated contract for listing (selling) and buying raffle tokens.\n//\n// * https://gu.cards\n\ncontract ERC20Interface {\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n}\n\ncontract IERC20Interface {\n function allowance(address owner, address spender) external view returns (uint256);\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n function balanceOf(address account) external view returns (uint256);\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n}\n\ncontract RaffleToken is ERC20Interface, IERC20Interface {}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n 
return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ncontract RaffleTokenExchange {\n using SafeMath for uint256;\n\n //////// V A R I A B L E S\n //\n // The raffle token contract\n //\n RaffleToken constant public raffleContract = RaffleToken(0x0C8cDC16973E88FAb31DD0FCB844DdF0e1056dE2);\n //\n // In case the exchange is paused.\n //\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n bool public paused;\n //\n // Standard contract ownership.\n //\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n address payable public owner;\n //\n // Next id for the next listing\n //\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n uint256 public nextListingId;\n //\n // All raffle token listings mapped by id\n //\n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n mapping (uint256 => Listing) public listingsById;\n //\n // All purchases\n //\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n mapping (uint256 => Purchase) public purchasesById;\n //\n // Next id for the next purche\n //\n mapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = 
redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n uint256 public nextPurchaseId;\n\n //////// S T R U C T S\n //\n // A listing of raffle tokens\n //\n struct Listing {\n //\n // price per token (in wei).\n //\n uint256 pricePerToken;\n //\n //\n // How many tokens? (Original Amount)\n //\n uint256 initialAmount;\n //\n // How many tokens left? (Maybe altered due to partial sales)\n //\n uint256 amountLeft;\n //\n // Listed by whom?\n //\n address payable seller;\n //\n // Active/Inactive listing?\n //\n bool active;\n }\n //\n // A purchase of raffle tokens\n //\n struct Purchase {\n //\n // How many tokens?\n //\n uint256 totalAmount;\n //\n // total price payed\n //\n uint256 totalAmountPayed;\n //\n // When did the purchase happen?\n //\n uint256 timestamp;\n }\n\n //////// EVENTS\n //\n //\n //\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Listed(uint256 id, uint256 pricePerToken, uint256 initialAmount, address seller);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Canceled(uint256 id);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Purchased(uint256 id, uint256 totalAmount, uint256 totalAmountPayed, uint256 timestamp);\n\n //////// M O D I F I E R S\n //\n // Invokable only by contract owner.\n //\n modifier onlyContractOwner {\n require(msg.sender == owner, \"Function called by non-owner.\");\n _;\n }\n //\n // Invokable only if exchange is not paused.\n //\n modifier onlyUnpaused {\n require(paused == false, \"Exchange is paused.\");\n _;\n }\n\n //////// C O N S T R U C T O R\n //\n constructor() public {\n owner = msg.sender;\n nextListingId = 916;\n nextPurchaseId = 344;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n //////// F U N C T I O N S\n //\n // buyRaffle\n //\n function buyRaffle(uint256[] calldata amounts, uint256[] calldata listingIds) payable external onlyUnpaused {\n require(amounts.length == listingIds.length, \"You have to provide amounts for every single listing!\");\n uint256 totalAmount;\n uint256 totalAmountPayed;\n for (uint256 i = 0; i < listingIds.length; i++) {\n uint256 id = listingIds[i];\n uint256 amount = amounts[i];\n Listing storage listing = listingsById[id];\n require(listing.active, \"Listing is not active anymore!\");\n listing.amountLeft = listing.amountLeft.sub(amount);\n require(listing.amountLeft >= 0, \"Amount left needs to be higher than 0.\");\n if(listing.amountLeft == 0) { listing.active = false; }\n uint256 amountToPay = listing.pricePerToken * amount;\n listing.seller.transfer(amountToPay);\n totalAmountPayed = totalAmountPayed.add(amountToPay);\n totalAmount = totalAmount.add(amount);\n require(raffleContract.transferFrom(listing.seller, msg.sender, amount), 'Token transfer failed!');\n }\n require(totalAmountPayed <= msg.value, 'Overpayed!');\n uint256 id = 
nextPurchaseId++;\n Purchase storage purchase = purchasesById[id];\n purchase.totalAmount = totalAmount;\n purchase.totalAmountPayed = totalAmountPayed;\n purchase.timestamp = now;\n emit Purchased(id, totalAmount, totalAmountPayed, now);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n //\n // Add listing\n //\n function addListing(uint256 initialAmount, uint256 pricePerToken) external onlyUnpaused {\n require(raffleContract.balanceOf(msg.sender) >= initialAmount, \"Amount to sell is higher than balance!\");\n require(raffleContract.allowance(msg.sender, address(this)) >= initialAmount, \"Allowance is to small (increase allowance)!\");\n uint256 id = nextListingId++;\n Listing storage listing = listingsById[id];\n listing.initialAmount = initialAmount;\n listing.amountLeft = initialAmount;\n listing.pricePerToken = pricePerToken;\n listing.seller = msg.sender;\n listing.active = true;\n emit Listed(id, listing.pricePerToken, listing.initialAmount, listing.seller);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n //\n // Cancel listing\n //\n function cancelListing(uint256 id) external {\n Listing storage listing = listingsById[id];\n require(listing.active, \"This listing was turned inactive already!\");\n require(listing.seller == msg.sender || owner == msg.sender, \"Only the listing owner or the contract owner can cancel the listing!\");\n listing.active = false;\n emit Canceled(id);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () 
public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n //\n // Set paused\n //\n function setPaused(bool value) external onlyContractOwner {\n paused = value;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n //\n // Funds withdrawal to cover operational costs\n //\n function withdrawFunds(uint256 withdrawAmount) external onlyContractOwner {\n owner.transfer(withdrawAmount);\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n //\n // Contract may be destroyed only when there is nothing else going on. \n // All funds are transferred to contract owner.\n //\n function kill() external onlyContractOwner {\n selfdestruct(owner);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_32.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, May 9, 2019\n (UTC) */\n\npragma solidity ^0.5.7;\n/**\n * \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557\n * \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2551\n * \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2551 \u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2588\u2588\u2554\u2588\u2588\u2551\n * \u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2554\u255d\u2588\u2588\u2551\n * \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u255a\u2550\u255d \u2588\u2588\u2551\n * \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d \n */\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error.\n */\nlibrary SafeMath {\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n}\n\n/**\n * Token contract interface for external use\n */\ncontract ERC20TokenInterface {\n\n function balanceOf(address _owner) public view returns (uint256 value);\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n function transfer(address _to, uint256 _value) public returns (bool success);\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n function approve(address _spender, uint256 _value) public returns (bool success);\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n function allowance(address _owner, address _spender) public view returns (uint256 remaining);\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n }\n\n/**\n* @title Token definition\n* @dev Define token paramters including ERC20 ones\n*/\ncontract ERC20Token is ERC20TokenInterface {\n using SafeMath for uint256;\n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 public totalSupply;\n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n mapping (address => uint256) balances; //A mapping of all balances per address\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n mapping (address => mapping (address => uint256)) allowed; //A mapping of all allowances\n\n /**\n * @dev Get the balance of an specified address.\n * @param _owner The address to be query.\n */\n function balanceOf(address _owner) public view returns (uint256 value) {\n return balances[_owner];\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * @dev transfer token to a specified address\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /**\n * @dev transfer token from an address to another specified address using allowance\n * @param _from The address where token comes.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);\n balances[_from] = balances[_from].sub(_value);\n balances[_to] = balances[_to].add(_value);\n emit Transfer(_from, _to, _value);\n return true;\n }\nmapping(address => uint) 
balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /**\n * @dev Assign allowance to an specified address to use the owner balance\n * @param _spender The address to be allowed to spend.\n * @param _value The amount to be allowed.\n */\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n /**\n * @dev Get the allowance of an specified address to use another address balance.\n * @param _owner The address of the owner of the tokens.\n * @param _spender The address of the allowed spender.\n */\n function allowance(address _owner, address _spender) public view returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /**\n * @dev Log Events\n */\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\n/**\n* @title Asset\n* @dev Initial supply creation\n*/\ncontract AsseteGram is ERC20Token {\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n string public name = 'Electronic Gram';\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n uint8 public decimals = 3;\n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n string public symbol = 'eGram';\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n string public version = '2';\n\n constructor() public {\n address initialOwner = 0xac775cD446889ac167da466692449ece5439fc12;\n totalSupply = 180000000 * (10**uint256(decimals)); //initial token creation\n balances[initialOwner] = totalSupply;\n emit Transfer(address(0), initialOwner, balances[initialOwner]);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n /**\n *@dev Function to handle callback calls\n */\n function() external {\n revert();\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n\n}\n"
+ },
+ {
+ "contract": "buggy_5.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\ncontract Ownable {\nmapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n address public owner;\n\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor () public {\n owner = msg.sender;\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nmapping(address => uint) 
redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n}\n\ncontract TokenERC20 {\n // Public variables of the token\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n string public name;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n string public symbol;\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint256 public totalSupply;\n\n // This creates an array with all balances\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n mapping (address => uint256) public balanceOf;\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. 
Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value > balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` in behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens in your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n /**\n * Set allowance for other address and notify\n \n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the 
sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n}\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract TTC is Ownable, TokenERC20 {\n\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n uint256 public sellPrice;\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n uint256 public buyPrice;\n\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n mapping (address => bool) public frozenAccount;\n\n /* This generates a public event on the blockchain that will notify clients */\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event FrozenFunds(address target, bool frozen);\n\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {}\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n /* Internal transfer, only can be called by this contract */\n function _transfer(address _from, address _to, uint _value) internal {\n require (_to != address(0x0)); // Prevent transfer to 0x0 address. Use burn() instead\n require (balanceOf[_from] >= _value); // Check if the sender has enough\n require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows\n require(!frozenAccount[_from]); // Check if sender is frozen\n require(!frozenAccount[_to]); // Check if recipient is frozen\n balanceOf[_from] -= _value; // Subtract from the sender\n balanceOf[_to] += _value; // Add the same to the recipient\n emit Transfer(_from, _to, _value);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /// @notice Create `mintedAmount` tokens and send it to `target`\n /// @param target Address to receive the tokens\n /// @param mintedAmount the amount of tokens it will receive\n function mintToken(address target, uint256 mintedAmount) onlyOwner public {\n balanceOf[target] += mintedAmount;\n totalSupply += mintedAmount;\n emit Transfer(address(0), address(this), mintedAmount);\n emit Transfer(address(this), target, mintedAmount);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens\n /// @param target Address to be frozen\n /// @param freeze either to freeze it or not\n function freezeAccount(address target, bool freeze) onlyOwner public {\n frozenAccount[target] = freeze;\n emit FrozenFunds(target, freeze);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth\n /// @param newSellPrice Price the users can sell to the contract\n /// @param newBuyPrice Price users can buy from the contract\n function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public {\n sellPrice = newSellPrice;\n buyPrice = newBuyPrice;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); 
//bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /// @notice Buy tokens from contract by sending ether\n function buy() payable public {\n uint amount = msg.value / buyPrice; // calculates the amount\n _transfer(address(this), msg.sender, amount); // makes the transfers\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /// @notice Sell `amount` tokens to contract\n /// @param amount amount of tokens to be sold\n function sell(uint256 amount) public {\n address myAddress = address(this);\n require(myAddress.balance >= amount * sellPrice); // checks if the contract has enough ether to buy\n _transfer(msg.sender, address(this), amount); // makes the transfers\n msg.sender.transfer(amount * sellPrice); // sends ether to the seller. It's important to do this last to avoid recursion attacks\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n}"
+ },
+ {
+ "contract": "buggy_41.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\n/**\n *Submitted for verification at Etherscan.io on 2019-05-23\n*/\n\npragma solidity ^0.5.11;\n\ninterface tokenRecipient { \n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\ncontract AO {\n // Public variables of the token\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n string public name;\n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n string public symbol;\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n mapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n uint256 public totalSupply;\n\n // This creates an array with all balances\n uint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n mapping (address => uint256) public balanceOf;\n address payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. 
They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function 
approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /**\n * Set allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 40\n */\n\npragma solidity ^0.4.19;\n\ncontract Private_Bank\n{\n mapping (address => uint) public balances;\n \n uint public MinDeposit = 1 ether;\n \n Log TransferLog;\n \n function Private_Bank(address _log)\n {\n TransferLog = Log(_log);\n }\n \n function Deposit()\n public\n payable\n {\n if(msg.value > MinDeposit)\n {\n balances[msg.sender]+=msg.value;\n TransferLog.AddMessage(msg.sender,msg.value,\"Deposit\");\n }\n }\n \n function CashOut(uint _am)\n public\n payable\n {\n if(_am<=balances[msg.sender])\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n TransferLog.AddMessage(msg.sender,_am,\"CashOut\");\n }\n }\n }\n \n function() public payable{} \n \n}\n\ncontract Log \n{\n \n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 29\n */\n\npragma solidity ^0.4.25;\n\ncontract U_BANK\n{\n function Put(uint _unlockTime)\n public\n payable\n {\n var acc = Acc[msg.sender];\n acc.balance += msg.value;\n acc.unlockTime = _unlockTime>now?_unlockTime:now;\n LogFile.AddMessage(msg.sender,msg.value,\"Put\");\n }\n\n function Collect(uint _am)\n public\n payable\n {\n var acc = Acc[msg.sender];\n if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n 
acc.balance-=_am;\n LogFile.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n\n function() \n public \n payable\n {\n Put(0);\n }\n\n struct Holder \n {\n uint unlockTime;\n uint balance;\n }\n\n mapping (address => Holder) public Acc;\n\n Log LogFile;\n\n uint public MinSum = 2 ether; \n\n function U_BANK(address log) public{\n LogFile = Log(log);\n }\n}\n\n\ncontract Log \n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n\n Message[] public History;\n\n Message LastMsg;\n\n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_38.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-26\n*/\n\npragma solidity ^0.5.11;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) 
{\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract ERC20Detailed is IERC20 {\n\nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n string private _name;\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n string private _symbol;\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function name() public view returns(string memory) {\n return _name;\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function symbol() public view returns(string memory) {\n return _symbol;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n}\n\ncontract BIGBOMBv2 is ERC20Detailed {\n\n using SafeMath for uint256;\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n mapping (address => uint256) private _balances;\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n string constant tokenName = \"BIGBOMB\";\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = 
msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n string constant tokenSymbol = \"BBOMB\";\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n uint8 constant tokenDecimals = 18;\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 _totalSupply = 800000000000000000000000;\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n uint256 public basePercent = 100;\n\n constructor() public payable ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n 
msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function findfourPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 fourPercent = roundValue.mul(basePercent).div(2500);\n return fourPercent;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n\n uint256 tokensToBurn = findfourPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n _balances[to] = _balances[to].add(tokensToTransfer);\n\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n emit Transfer(msg.sender, to, tokensToTransfer);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n require(value <= _balances[from]);\n 
require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n\n uint256 tokensToBurn = findfourPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[to] = _balances[to].add(tokensToTransfer);\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n _allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n\n emit Transfer(from, to, tokensToTransfer);\n emit Transfer(from, address(0), tokensToBurn);\n\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_17.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, March 21, 2019\n (UTC) */\n\npragma solidity ^0.5.6;\n\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n require(c / a == b);\n return c;\n }\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b > 0);\n uint256 c = a / b;\n return c;\n }\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n return c;\n }\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a && c >= b);\n return c;\n }\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n function max256(uint256 a, uint256 b) internal pure returns (uint256) {\n return a >= b ? a : b;\n }\n function min256(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n}\n\n\n\n\ncontract owned {\nmapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n}\n\ninterface tokenRecipient {\n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\n\ncontract TokenERC20 {\n using SafeMath for uint256;\nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n string public name;\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n string public symbol;\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint8 public decimals;\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n uint256 public totalSupply;\n\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n mapping (address => uint256) public balanceOf;\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Burn(address indexed from, uint256 value);\n\n\n constructor(string memory tokenName, string memory tokenSymbol, uint8 dec) public {\n decimals = dec;\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; \n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function _transfer(address _from, address _to, uint _value) internal {\n require(_to != address(0x0));\n balanceOf[_from] = balanceOf[_from].sub(_value);\n balanceOf[_to] = balanceOf[_to].add(_value);\n emit Transfer(_from, _to, _value);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n allowance[_from][msg.sender] = allowance[_from][msg.sender].sub(_value);\n\t\t_transfer(_from, _to, _value);\n\t\treturn true;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData) public returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n}\n\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract AZT is owned, TokenERC20 {\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n\tstring _tokenName = \"AZ FundChain\"; 
mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n\tstring _tokenSymbol = \"AZT\";\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint8 _decimals = 18;\n\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n address[] public frozenAddresses;\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n bool public tokenFrozen;\n\n struct frozenWallet {\n bool isFrozen; //true or false\n uint256 rewardedAmount; //amount\n uint256 frozenAmount; //amount\n uint256 frozenTime; // in days\n }\n\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n mapping (address => frozenWallet) public frozenWallets;\n\n\n\n constructor() TokenERC20(_tokenName, _tokenSymbol, _decimals) public {\n\n /*Wallet A */\n frozenAddresses.push(address(0x9fd50776F133751E8Ae6abE1Be124638Bb917E05));\n frozenWallets[frozenAddresses[0]] = frozenWallet({\n isFrozen: true,\n rewardedAmount: 30000000 * 10 ** uint256(decimals),\n frozenAmount: 0 * 10 ** uint256(decimals),\n frozenTime: now + 1 * 1 hours //seconds, minutes, hours, days\n });\n\n for (uint256 i = 0; i < frozenAddresses.length; i++) {\n balanceOf[frozenAddresses[i]] = frozenWallets[frozenAddresses[i]].rewardedAmount;\n totalSupply = totalSupply.add(frozenWallets[frozenAddresses[i]].rewardedAmount);\n }\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function _transfer(address _from, address _to, uint _value) internal {\n require(_to != address(0x0));\n require(checkFrozenWallet(_from, _value));\n balanceOf[_from] = balanceOf[_from].sub(_value); \n balanceOf[_to] = balanceOf[_to].add(_value); \n emit Transfer(_from, _to, _value);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function checkFrozenWallet(address _from, uint _value) public view returns (bool) {\n return(\n _from==owner || \n (!tokenFrozen && \n (!frozenWallets[_from].isFrozen || \n now>=frozenWallets[_from].frozenTime || \n balanceOf[_from].sub(_value)>=frozenWallets[_from].frozenAmount))\n );\n }\nmapping(address => uint) balances_re_ent36;\n 
function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n\n function burn(uint256 _value) onlyOwner public returns (bool success) {\n balanceOf[msg.sender] = balanceOf[msg.sender].sub(_value); // Subtract from the sender\n totalSupply = totalSupply.sub(_value); // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n balanceOf[_from] = balanceOf[_from].sub(_value); // Subtract from the targeted balance\n allowance[_from][msg.sender] = allowance[_from][msg.sender].sub(_value); // Subtract from the sender's allowance\n totalSupply = totalSupply.sub(_value); // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n function freezeToken(bool freeze) onlyOwner public {\n tokenFrozen = freeze;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_21.sol",
+ "label": "reentrancy",
+ "code": "pragma solidity ^0.5.11;\n\ncontract Token {\n function transfer(address to, uint256 value) public returns (bool success);\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n function transferFrom(address from, address to, uint256 value) public returns (bool success);\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n function balanceOf(address account) external view returns(uint256);\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n function allowance(address _owner, address _spender)external view returns(uint256);\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n}\n\nlibrary SafeMath{\n function mul(uint256 a, uint256 b) internal pure returns (uint256) \n {\n if (a == 0) {\n return 0;}\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) \n {\n uint256 c 
= a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) \n {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) \n {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n}\n\ncontract StableDEX {\n using SafeMath for uint256;\n \n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event DepositandWithdraw(address from,address tokenAddress,uint256 amount,uint256 type_); //Type = 0-deposit 1- withdraw , Token address = address(0) - eth , address - token address;\n \n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n address payable admin;\n \n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n address public feeAddress;\n \n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n bool private dexStatus; \n \n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n uint256 public tokenId=0;\n \n struct orders{\n address userAddress;\n address tokenAddress;\n uint256 type_;\n uint256 price;\n uint256 total;\n uint256 _decimal;\n uint256 tradeTotal;\n uint256 amount;\n uint256 tradeAmount;\n uint256 pairOrderID;\n uint256 status; \n }\n \n struct tokens{\n address tokenAddress;\n string tokenSymbol;\n uint256 decimals;\n bool status;\n }\n \n \n constructor(address payable _admin,address feeAddress_) public{\n admin = _admin;\n feeAddress = feeAddress_;\n dexStatus = true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n \n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n mapping(uint256=>orders) public Order; //place order by passing userID and orderID as argument;\n \n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n mapping(address=>mapping(address=>uint256))public userDetails; // trader token balance;\n \n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n mapping(address=>mapping(address=>uint256))public feeAmount;\n \n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n mapping(address=>uint256) public withdrawfee;\n \n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n mapping(uint256=>mapping(uint256=>bool)) public orderPairStatus;\n \n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n mapping(address=>tokens) public tokendetails;\n \n modifier dexstatuscheck(){\n require(dexStatus==true);\n _;\n }\n \n function setDexStatus(bool status_) public returns(bool){\n require(msg.sender == admin);\n dexStatus = status_;\n return true;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n } \n \n function addToken(address tokenAddress,string memory tokenSymbol,uint256 decimal_) public returns(bool){\n require(msg.sender == feeAddress && tokendetails[tokenAddress].status==false);\n tokendetails[tokenAddress].tokenSymbol=tokenSymbol;\n tokendetails[tokenAddress].decimals=decimal_;\n tokendetails[tokenAddress].status=true;\n return true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n function deposit() dexstatuscheck public payable returns(bool) {\n require(msg.value > 0);\n userDetails[msg.sender][address(0)]=userDetails[msg.sender][address(0)].add(msg.value);\n emit DepositandWithdraw( msg.sender, address(0),msg.value,0);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n \n function tokenDeposit(address tokenaddr,uint256 tokenAmount) dexstatuscheck public returns(bool)\n {\n require(tokenAmount > 0 && tokendetails[tokenaddr].status==true);\n require(tokenallowance(tokenaddr,msg.sender) > 0);\n userDetails[msg.sender][tokenaddr] = userDetails[msg.sender][tokenaddr].add(tokenAmount);\n Token(tokenaddr).transferFrom(msg.sender,address(this), tokenAmount);\n emit DepositandWithdraw( msg.sender,tokenaddr,tokenAmount,0);\n return true;\n \n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n function withdraw(uint8 type_,address tokenaddr,uint256 amount) dexstatuscheck public returns(bool) {\n require(type_ ==0 || type_ == 1);\n if(type_==0){ // withdraw ether\n require(tokenaddr == address(0));\n require(amount>0 && amount <= userDetails[msg.sender][address(0)] && withdrawfee[address(0)]0 && amount <= userDetails[msg.sender][tokenaddr] && withdrawfee[tokenaddr] uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n 
redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function adminProfitWithdraw(uint8 type_,address tokenAddr)public returns(bool){ // tokenAddr = type 0 - address(0), type 1 - token address;\n require(msg.sender == admin);\n require(type_ ==0 || type_ == 1);\n if(type_==0){ // withdraw ether\n admin.transfer(feeAmount[admin][address(0)]);\n feeAmount[admin][address(0)]=0;\n \n }\n else{ //withdraw token\n require(tokenAddr != address(0)) ;\n Token(tokenAddr).transfer(admin, feeAmount[admin][tokenAddr]);\n feeAmount[admin][tokenAddr]=0;\n }\n \n \n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n \n function setwithdrawfee(address[] memory addr,uint256[] memory feeamount)public returns(bool)\n {\n require(msg.sender==admin);\n //array length should be within 10.\n require(addr.length <10 && feeamount.length < 10 && addr.length==feeamount.length);\n for(uint8 i=0;i 0 && amount__ <= userDetails[traderAddresses[1]][traderAddresses[0]]);\n // stores placed order details\n Order[orderiD].userAddress = traderAddresses[1];\n Order[orderiD].type_ = tradeDetails[6];\n Order[orderiD].price = tradeDetails[2];\n Order[orderiD].amount = tradeDetails[1];\n Order[orderiD].total = tradeDetails[3];\n Order[orderiD].tradeTotal = tradeDetails[3];\n Order[orderiD]._decimal = tradeDetails[7];\n Order[orderiD].tokenAddress = traderAddresses[0]; \n // freeze trade amount;\n userDetails[traderAddresses[1]][traderAddresses[0]]=userDetails[traderAddresses[1]][traderAddresses[0]].sub(amount__);\n // store total trade count\n Order[orderiD].tradeAmount=tradeDetails[1];\n Order[orderiD].status=1;\n \n }\n else if(Order[orderiD].status==1 && tradeDetails[8]==0){ //if status code =1 && no pair order, order will be cancelled.\n cancelOrder(orderiD);\n }\n if(Order[orderiD].status==1 && tradeDetails[1] > 0 && tradeDetails[8]>0 && 
Order[tradeDetails[8]].status==1 && tradeDetails[3]>0){ //order mapping\n \n Order[orderiD].tradeAmount =Order[orderiD].tradeAmount.sub(tradeDetails[1]);\n Order[tradeDetails[8]].tradeAmount =Order[tradeDetails[8]].tradeAmount.sub(tradeDetails[1]);\n if(tradeDetails[2]>0){\n userDetails[Order[orderiD].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[2]);\n }\n Order[orderiD].tradeTotal =Order[orderiD].tradeTotal.sub(((tradeDetails[1].mul(Order[orderiD].price)).div(Order[orderiD]._decimal)));\n Order[tradeDetails[8]].tradeTotal =Order[tradeDetails[8]].tradeTotal.sub(((tradeDetails[1].mul(Order[tradeDetails[8]].price)).div(Order[tradeDetails[8]]._decimal)));\n \n \n if(tradeDetails[6] == 1 || tradeDetails[6]==3)\n {\n userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[1]);\n userDetails[Order[orderiD].userAddress][traderAddresses[0]]= userDetails[Order[orderiD].userAddress][traderAddresses[0]].sub(tradeDetails[4]); \n feeAmount[admin][traderAddresses[0]]= feeAmount[admin][traderAddresses[0]].add(tradeDetails[4]);\n }\n else\n {\n userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[1].sub(tradeDetails[4]));\n feeAmount[admin][Order[tradeDetails[8]].tokenAddress]= feeAmount[admin][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[4]);\n }\n if(tradeDetails[6] == 2 || tradeDetails[6]==3)\n {\n userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[3]);\n userDetails[Order[tradeDetails[8]].userAddress][traderAddresses[0]]= userDetails[Order[tradeDetails[8]].userAddress][traderAddresses[0]].sub(tradeDetails[5]);\n 
feeAmount[admin][traderAddresses[0]]= feeAmount[admin][traderAddresses[0]].add(tradeDetails[5]);\n }\n else\n {\n userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[3].sub(tradeDetails[5]));\n feeAmount[admin][Order[orderiD].tokenAddress]= feeAmount[admin][Order[orderiD].tokenAddress].add(tradeDetails[5]);\n }\n \n \n if(Order[tradeDetails[8]].tradeAmount==0){\n Order[tradeDetails[8]].status=2; \n }\n if(Order[orderiD].tradeAmount==0){\n Order[orderiD].status=2; \n }\n orderPairStatus[orderiD][tradeDetails[8]] = true;\n }\n\n return true; \n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n function cancelOrder(uint256 orderid)internal returns(bool){\n if(Order[orderid].status==1){\n if(Order[orderid].type_ == 0){\n userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress]=userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress].add(Order[orderid].tradeTotal); \n }\n else{\n userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress]=userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress].add(Order[orderid].tradeAmount);\n }\n Order[orderid].status=3; // cancelled\n }\n return true;\n}\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n \n \n function viewTokenBalance(address tokenAddr,address baladdr)public view returns(uint256){\n return Token(tokenAddr).balanceOf(baladdr);\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n \n function tokenallowance(address tokenAddr,address owner) public view returns(uint256){\n return Token(tokenAddr).allowance(owner,address(this));\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n \n}\n"
+ },
+ {
+ "contract": "buggy_14.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\nlibrary SafeMath {\n\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n \n require(b > 0);\n uint256 c = a / b;\n \n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n}\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n \n function balanceOf(address who) external view returns (uint256);\n \n function transfer(address to, uint256 value) external returns 
(bool);\n\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n function approve(address spender, uint256 value) external returns (bool);\n\n function allowance(address owner, address spender) external view returns (uint256);\n\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n event Burn(address indexed from, uint256 value);\n}\n\n\ncontract ERC20 is IERC20 {\n \n using SafeMath for uint256;\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n uint8 constant DECIMALS = 18;\n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 private _totalSupply;\n string private _name;\n string private _symbol;\n \n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n mapping (address => uint256) private _balances;\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n _transfer(msg.sender, to, value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n _transfer(from, to, value);\n _approve(from, msg.sender, _allowed[from][msg.sender].sub(value));\n return true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n \n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n function burn(uint256 value) public {\n _burn(msg.sender, value);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n \n function _mint(address account, uint256 value) internal {\n require(account != address(0));\n _totalSupply = _totalSupply.add(value);\n _balances[account] = _balances[account].add(value);\n emit Transfer(address(0), account, value);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n function _transfer(address from, address to, uint256 value) internal {\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n _balances[to] = _balances[to].add(value);\n emit Transfer(from, to, value);\n \n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] 
> 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function _approve(address owner, address spender, uint256 value) internal {\n require(spender != address(0));\n require(owner != address(0));\n\n _allowed[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n function _burn(address account, uint256 value) internal {\n require(account != address(0));\n \n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n}\n\ncontract ERC20Detailed is IERC20 {\n string private _name;\n string private _symbol;\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n uint8 private _decimals;\n\n constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /**\n * @return the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n /**\n * @return the symbol of the token.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n\n /**\n * @return the number of decimals of the token.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n}\n\ncontract SaveWon is ERC20, ERC20Detailed {\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n uint8 public constant DECIMALS = 18;\n uint256 public constant INITIAL_SUPPLY = 50000000000 * (10 ** uint256(DECIMALS));\n\n /**\n * @dev Constructor that gives msg.sender all of existing tokens.\n */\n constructor () public ERC20Detailed(\"SaveWon\", \"SVW\", DECIMALS) {\n _mint(msg.sender, INITIAL_SUPPLY);\n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n}"
+ },
+ {
+ "contract": "buggy_11.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n\nlibrary SafeMath {\n function add(uint a, uint b) internal pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\n function sub(uint a, uint b) internal pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\n function mul(uint a, uint b) internal pure returns (uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\n function div(uint a, uint b) internal pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\n}\n\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n function balanceOf(address tokenOwner) public view returns (uint balance);\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender]
-= _weiToWithdraw;\n }\n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n function transfer(address to, uint tokens) public returns (bool success);\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n function approve(address spender, uint tokens) public returns (bool success);\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed from, address indexed to, uint tokens);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n}\n\n\ncontract Owned {\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n address public owner;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n address public newOwner;\n\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n}\n\n\ncontract ForTheBlockchain is ERC20Interface, Owned {\n using SafeMath for uint;\n\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n string public symbol;\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint public decimals;\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n string public name;\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n uint _totalSupply;\n\n\n mapping(address => uint) balances;\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\n symbol = \"FTB\";\n name = \"ForTheBlockchain\";\n decimals = 8;\n _totalSupply =100000000 * 10**(decimals);\n balances[owner] = _totalSupply;\n emit Transfer(address(0), owner, _totalSupply);\n \n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\n return _totalSupply.sub(balances[address(0)]);\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\n return balances[tokenOwner];\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transfer(address to, uint tokens) public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) 
`tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transferFrom(address from, address to, uint tokens) public returns (bool success) {\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(from, to, tokens);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n\n // 
------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function allowance(address tokenOwner, address spender) public view returns (uint remaining) {\n return allowed[tokenOwner][spender];\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n function () external payable {\n revert();\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}"
+ },
+ {
+ "contract": "0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 54\n */\n\npragma solidity ^0.4.19;\n\ncontract PRIVATE_ETH_CELL\n{\n mapping (address=>uint256) public balances; \n \n uint public MinSum;\n \n LogFile Log;\n \n bool intitalized;\n \n function SetMinSum(uint _val)\n public\n {\n require(!intitalized);\n MinSum = _val;\n }\n \n function SetLogFile(address _log)\n public\n {\n require(!intitalized);\n Log = LogFile(_log);\n }\n \n function Initialized()\n public\n {\n intitalized = true;\n }\n \n function Deposit()\n public\n payable\n {\n balances[msg.sender]+= msg.value;\n Log.AddMessage(msg.sender,msg.value,\"Put\");\n }\n \n function Collect(uint _am)\n public\n payable\n {\n if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n Log.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n \n function() \n public \n payable\n {\n Deposit();\n }\n \n}\n\n\n\ncontract LogFile\n{\n struct Message\n {\n
address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_42.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\ncontract Owned {\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n address public owner;\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n address public newOwner;\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( !
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner || msg.sender == address(this));\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Token{\n function balanceOf(address who) external view returns (uint256);\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n 
require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n function transferFrom(address from, address to, uint256 value) external returns (bool);\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n function transfer(address to, uint256 value) external returns (bool);\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n}\n\ncontract Staking is Owned{\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n Token public token;\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n bool lock;\n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 public stakeTokens;\n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint 
transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n uint256 private basePercent = 200;\n using SafeMath for uint256;\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n uint256 public stakeTime = 1814400; // 3 weeks = 3*7*24*60*60 OR 1 week = 604800 secs, 3 weeks = 3*604800 = 1,814,400\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n uint public stakePercentage = 30;\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event stakingstarted(address staker, uint256 tokens, uint256 time);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event tokensRedeemed(address staker, uint256 stakedTokens, uint256 reward);\n \n struct stake{\n uint256 time;\n bool redeem;\n uint256 tokens;\n }\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n mapping(address => stake) staker;\n \n \n constructor(address tokenContractAddress) public{\n token = Token(tokenContractAddress);\n owner = msg.sender;\n stakeTokens = 500 * 10 ** uint(10);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n function startStaking() public{\n require(token.balanceOf(msg.sender) >= stakeTokens + findOnePercent(stakeTokens));\n require(token.transferFrom(msg.sender, address(this), stakeTokens + findOnePercent(stakeTokens)));\n staker[msg.sender].time = now;\n staker[msg.sender].tokens = staker[msg.sender].tokens + stakeTokens;\n emit stakingstarted(msg.sender, staker[msg.sender].tokens, staker[msg.sender].time);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n \n function redeem() public{\n require(!lock);\n require(!staker[msg.sender].redeem);\n require(staker[msg.sender].time + stakeTime <= now);\n require(token.transfer(msg.sender,staker[msg.sender].tokens));\n require(token.transferFrom(owner, msg.sender ,staker[msg.sender].tokens * stakePercentage * 100 / 10000));\n emit tokensRedeemed(msg.sender, staker[msg.sender].tokens, staker[msg.sender].tokens * stakePercentage * 100 / 10000);\n staker[msg.sender].redeem = true;\n staker[msg.sender].tokens = 0;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n function changeStakeTokens(uint256 _NewTokensThreshold) public onlyOwner{\n stakeTokens = _NewTokensThreshold * 10 ** 
uint(10);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n \n function changeStakeTime(uint256 _newStakeTime) public onlyOwner{\n stakeTime = _newStakeTime;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n function changeStakingPercentage(uint _newStakePercentage) public onlyOwner{\n stakePercentage = _newStakePercentage;\n \n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n \n function lockWithdrawals() public onlyOwner{\n lock = true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n function findOnePercent(uint256 value) private view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "reentrancy_simple.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/reentrancy/Reentrancy.sol\n * @author: -\n * @vulnerable_at_lines: 24\n */\n\n pragma solidity ^0.4.15;\n\n contract Reentrance {\n mapping (address => uint) userBalance;\n\n function getBalance(address u) constant returns(uint){\n return userBalance[u];\n }\n\n function addToBalance() payable{\n userBalance[msg.sender] += msg.value;\n }\n\n function withdrawBalance(){\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n // REENTRANCY\n if( ! (msg.sender.call.value(userBalance[msg.sender])() ) ){\n throw;\n }\n userBalance[msg.sender] = 0;\n }\n }\n"
+ },
+ {
+ "contract": "etherstore.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://github.com/sigp/solidity-security-blog\n * @author: Suhabe Bugrara\n * @vulnerable_at_lines: 27\n */\n\n//added pragma version\npragma solidity ^0.4.0;\n\ncontract EtherStore {\n\n uint256 public withdrawalLimit = 1 ether;\n mapping(address => uint256) public lastWithdrawTime;\n mapping(address => uint256) public balances;\n\n function depositFunds() public payable {\n balances[msg.sender] += msg.value;\n }\n\n function withdrawFunds (uint256 _weiToWithdraw) public {\n require(balances[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(_weiToWithdraw <= withdrawalLimit);\n // limit the time allowed to withdraw\n require(now >= lastWithdrawTime[msg.sender] + 1 weeks);\n // REENTRANCY\n require(msg.sender.call.value(_weiToWithdraw)());\n balances[msg.sender] -= _weiToWithdraw;\n lastWithdrawTime[msg.sender] = now;\n }\n }\n"
+ },
+ {
+ "contract": "buggy_13.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, April 25, 2019\n (UTC)
*/\n\npragma solidity ^0.5.11;\n\ninterface tokenRecipient { \n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\ncontract BitCash {\n // Public variables of the token\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n string public name;\n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n string public symbol;\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n mapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n uint256 public totalSupply;\n\n // This creates an array with all balances\n uint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n mapping (address => uint256) public balanceOf;\n address payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. 
They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function 
approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /**\n * Set allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}"
+ },
+ {
+ "contract": "reentrancy_cross_function.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/\n * @author: consensys\n * @vulnerable_at_lines: 24\n */\n\npragma solidity ^0.4.0;\n\ncontract Reentrancy_cross_function {\n\n // INSECURE\n mapping (address => uint) private userBalances;\n\n function transfer(address to, uint amount) {\n if (userBalances[msg.sender] >= amount) {\n userBalances[to] += amount;\n userBalances[msg.sender] -= amount;\n }\n }\n\n function withdrawBalance() public {\n uint amountToWithdraw = userBalances[msg.sender];\n // REENTRANCY\n (bool success, ) = msg.sender.call.value(amountToWithdraw)(\"\"); // At this point, the caller's code is executed, and can call transfer()\n require(success);\n userBalances[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "0x941d225236464a25eb18076df7da6a91d0f95e9e.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 44\n */\n\npragma solidity ^0.4.19;\n\ncontract ETH_FUND\n{\n mapping (address => uint) public balances;\n \n uint public MinDeposit = 1 ether;\n \n Log TransferLog;\n \n uint lastBlock;\n \n function ETH_FUND(address _log)\n public \n {\n TransferLog = Log(_log);\n }\n \n function Deposit()\n public\n payable\n {\n if(msg.value > MinDeposit)\n {\n balances[msg.sender]+=msg.value;\n TransferLog.AddMessage(msg.sender,msg.value,\"Deposit\");\n lastBlock = block.number;\n }\n }\n \n function CashOut(uint _am)\n public\n payable\n {\n if(_am<=balances[msg.sender]&&block.number>lastBlock)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n TransferLog.AddMessage(msg.sender,_am,\"CashOut\");\n }\n }\n }\n \n function() public payable{} \n \n}\n\ncontract Log \n{\n \n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n 
\n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "reentrancy_dao.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite\n * @author: Suhabe Bugrara\n * @vulnerable_at_lines: 18\n */\n\npragma solidity ^0.4.19;\n\ncontract ReentrancyDAO {\n mapping (address => uint) credit;\n uint balance;\n\n function withdrawAll() public {\n uint oCredit = credit[msg.sender];\n if (oCredit > 0) {\n balance -= oCredit;\n // REENTRANCY\n bool callResult = msg.sender.call.value(oCredit)();\n require (callResult);\n credit[msg.sender] = 0;\n }\n }\n\n function deposit() public payable {\n credit[msg.sender] += msg.value;\n balance += msg.value;\n }\n}\n"
+ },
+ {
+ "contract": "0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 52\n */\n\npragma solidity ^0.4.19;\n\ncontract PrivateDeposit\n{\n mapping (address => uint) public balances;\n \n uint public MinDeposit = 1 ether;\n address public owner;\n \n Log TransferLog;\n \n modifier onlyOwner() {\n require(tx.origin == owner);\n _;\n } \n \n function PrivateDeposit()\n {\n owner = msg.sender;\n TransferLog = new Log();\n }\n \n \n \n function setLog(address _lib) onlyOwner\n {\n TransferLog = Log(_lib);\n } \n \n function Deposit()\n public\n payable\n {\n if(msg.value >= MinDeposit)\n {\n balances[msg.sender]+=msg.value;\n TransferLog.AddMessage(msg.sender,msg.value,\"Deposit\");\n }\n }\n \n function CashOut(uint _am)\n {\n if(_am<=balances[msg.sender])\n { \n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n TransferLog.AddMessage(msg.sender,_am,\"CashOut\");\n }\n }\n }\n \n function() public payable{} \n 
\n}\n\ncontract Log \n{\n \n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 29\n */\n\npragma solidity ^0.4.25;\n\ncontract WALLET\n{\n function Put(uint _unlockTime)\n public\n payable\n {\n var acc = Acc[msg.sender];\n acc.balance += msg.value;\n acc.unlockTime = _unlockTime>now?_unlockTime:now;\n LogFile.AddMessage(msg.sender,msg.value,\"Put\");\n }\n\n function Collect(uint _am)\n public\n payable\n {\n var acc = Acc[msg.sender];\n if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n acc.balance-=_am;\n LogFile.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n\n function() \n public \n payable\n {\n Put(0);\n }\n\n struct Holder \n {\n uint unlockTime;\n uint balance;\n }\n\n mapping (address => Holder) public Acc;\n\n Log LogFile;\n\n uint public MinSum = 1 ether; \n\n function WALLET(address log) public{\n LogFile = Log(log);\n }\n}\n\n\ncontract Log \n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n\n Message[] public History;\n\n Message LastMsg;\n\n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 63\n */\n\npragma solidity ^0.4.19;\n\ncontract PENNY_BY_PENNY 
\n{\n struct Holder \n {\n uint unlockTime;\n uint balance;\n }\n \n mapping (address => Holder) public Acc;\n \n uint public MinSum;\n \n LogFile Log;\n \n bool intitalized;\n \n function SetMinSum(uint _val)\n public\n {\n if(intitalized)throw;\n MinSum = _val;\n }\n \n function SetLogFile(address _log)\n public\n {\n if(intitalized)throw;\n Log = LogFile(_log);\n }\n \n function Initialized()\n public\n {\n intitalized = true;\n }\n \n function Put(uint _lockTime)\n public\n payable\n {\n var acc = Acc[msg.sender];\n acc.balance += msg.value;\n if(now+_lockTime>acc.unlockTime)acc.unlockTime=now+_lockTime;\n Log.AddMessage(msg.sender,msg.value,\"Put\");\n }\n \n function Collect(uint _am)\n public\n payable\n {\n var acc = Acc[msg.sender];\n if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n acc.balance-=_am;\n Log.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n \n function() \n public \n payable\n {\n Put(0);\n }\n \n}\n\n\ncontract LogFile\n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "simple_dao.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#simpledao\n * @author: -\n * @vulnerable_at_lines: 19\n */\n\npragma solidity ^0.4.2;\n\ncontract SimpleDAO {\n mapping (address => uint) public credit;\n\n function donate(address to) payable {\n credit[to] += msg.value;\n }\n\n function withdraw(uint amount) {\n if (credit[msg.sender]>= amount) {\n // REENTRANCY\n bool res = msg.sender.call.value(amount)();\n credit[msg.sender]-=amount;\n }\n }\n\n function queryCredit(address to) returns (uint){\n 
return credit[to];\n }\n}\n"
+ },
+ {
+ "contract": "buggy_26.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.2;\n\nlibrary SafeMath {\n \n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n return c;\n }\n\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address account) external view returns (uint256);\n function transfer(address recipient, uint256 amount) external returns (bool);\n function allowance(address owner, address spender) external view returns (uint256);\n function approve(address spender, uint256 amount) external returns (bool);\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address 
indexed owner, address indexed spender, uint256 value);\n}\n\ncontract UBBCToken is IERC20 {\n using SafeMath for uint256;\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n mapping (address => uint256) private _balances;\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n mapping (address => mapping (address => uint256)) private _allowances;\n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 private _totalSupply;\n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n string private _name;\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n string private _symbol;\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n uint8 private _decimals;\n constructor() public {\n _name = \"UBBC Token\";\n _symbol = \"UBBC\";\n _decimals = 18;\n _totalSupply = 260000000 ether;\n _balances[0x0e475cd2c1f8222868cf85B4f97D7EB70fB3ffD3] = _totalSupply;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Transfer(address sender, address to, uint256 value);\n \n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Approval(address owner, address spender, uint256 value);\n \n function name() public view returns (string memory) {\n return _name;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n \n function symbol() public view returns (string memory) {\n return _symbol;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = 
redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n \n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[sender] = _balances[sender].sub(amount);\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n function _approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n function () payable external{\n revert();\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_1.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\ncontract EIP20Interface {\n /* This is a slight change to the ERC20 base standard.\n function totalSupply() constant returns (uint256 supply);\n is replaced with:\n uint256 public totalSupply;\n This automatically creates a getter function for the totalSupply.\n This is moved to the base contract since public getter functions are not\n currently recognised as an implementation of the matching abstract\n function by the compiler.\n */\n /// total amount of tokens\n uint256 public totalSupply;\n\n /// @param _owner The address from which the balance will be retrieved\n /// @return The balance\n function balanceOf(address _owner) public view returns (uint256 balance);\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n /// @notice send `_value` token to `_to` from `msg.sender`\n /// @param _to The address of the recipient\n /// @param _value The amount of token to be transferred\n /// @return Whether the transfer was successful or not\n function transfer(address _to, uint256 _value) public returns (bool success);\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from`\n /// @param _from The address of the sender\n /// @param _to The address of the recipient\n /// @param _value The amount of token to be transferred\n /// @return Whether the transfer was successful or not\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /// @notice `msg.sender` approves `_spender` to spend `_value` tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @param _value The amount of tokens to be approved for transfer\n /// @return Whether the approval was successful or not\n function approve(address _spender, uint256 _value) public returns (bool success);\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /// @param _owner The address of the account owning tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @return Amount of remaining tokens allowed to spent\n function allowance(address _owner, address _spender) public view returns (uint256 remaining);\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n // solhint-disable-next-line no-simple-event-func-name\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\ncontract HotDollarsToken is EIP20Interface {\n uint256 constant private MAX_UINT256 = 2**256 - 1;\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n mapping (address => uint256) public balances;\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n mapping (address => mapping (address => uint256)) public allowed;\n /*\n NOTE:\n The following variables are OPTIONAL vanities. One does not have to include them.\n They allow one to customise the token contract & in no way influences the core functionality.\n Some wallets/interfaces might not even bother to look at this information.\n */\n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n string public name; //fancy name: eg Simon Bucks\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n uint8 public decimals; //How many decimals to show.\n mapping(address => 
uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n string public symbol; //An identifier: eg SBX\n\n constructor() public {\n totalSupply = 3 * 1e28; \n name = \"HotDollars Token\"; \n decimals = 18; \n symbol = \"HDS\";\n balances[msg.sender] = totalSupply; \n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function transfer(address _to, uint256 _value) public returns (bool success) {\n require(balances[msg.sender] >= _value);\n balances[msg.sender] -= _value;\n balances[_to] += _value;\n emit Transfer(msg.sender, _to, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n uint256 allowance = allowed[_from][msg.sender];\n require(balances[_from] >= _value && allowance >= _value);\n balances[_to] += _value;\n balances[_from] -= _value;\n if (allowance < MAX_UINT256) {\n allowed[_from][msg.sender] -= _value;\n }\n emit Transfer(_from, _to, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function balanceOf(address _owner) public view returns (uint256 balance) {\n return balances[_owner];\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n function allowance(address _owner, address _spender) public view returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n}"
+ },
+ {
+ "contract": "0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 94\n */\n\npragma solidity ^0.4.19;\n\ncontract Ownable\n{\n address newOwner;\n address owner = msg.sender;\n \n function changeOwner(address addr)\n public\n onlyOwner\n {\n newOwner = addr;\n }\n \n function confirmOwner() \n public\n {\n if(msg.sender==newOwner)\n {\n owner=newOwner;\n }\n }\n \n modifier onlyOwner\n {\n if(owner == msg.sender)_;\n }\n}\n\ncontract Token is Ownable\n{\n address owner = msg.sender;\n function WithdrawToken(address token, uint256 amount,address to)\n public \n onlyOwner\n {\n token.call(bytes4(sha3(\"transfer(address,uint256)\")),to,amount); \n }\n}\n\ncontract TokenBank is Token\n{\n uint public MinDeposit;\n mapping (address => uint) public Holders;\n \n ///Constructor\n function initTokenBank()\n public\n {\n owner = msg.sender;\n MinDeposit = 1 ether;\n }\n \n function()\n payable\n {\n Deposit();\n }\n \n function Deposit() \n payable\n {\n if(msg.value>MinDeposit)\n {\n Holders[msg.sender]+=msg.value;\n }\n }\n \n function WitdrawTokenToHolder(address _to,address _token,uint _amount)\n public\n onlyOwner\n {\n if(Holders[_to]>0)\n {\n Holders[_to]=0;\n WithdrawToken(_token,_amount,_to); \n }\n }\n \n function WithdrawToHolder(address _addr, uint _wei) \n public\n onlyOwner\n payable\n {\n if(Holders[_addr]>0)\n {\n // REENTRANCY\n if(_addr.call.value(_wei)())\n {\n Holders[_addr]-=_wei;\n }\n }\n }\n}"
+ },
+ {
+ "contract": "buggy_34.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11;\n\n\ncontract Ownable {\n mapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n 
balances_re_ent15[msg.sender] = 0;\n }\n address payable public owner;\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address payable _newOwner) public onlyOwner {\n owner = _newOwner;\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n}\n\n\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned 
integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. 
This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ncontract LollypopToken is Ownable {\n using SafeMath for uint256;\n\n uint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n mapping (address => transferMapping) private _balances;\n\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n mapping (address => mapping (address => uint256)) private _allowances;\n\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n uint256 private _totalSupply;\n mapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n uint256 public _maxTotalSupply;\n \n\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n string private _name = \"Lollypop\";\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n string private _symbol = \"Lolly\";\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n uint8 private _decimals= 18;\n \n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n uint256 public maxAgeOfToken = 365 days;\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint256 public minAgeOfToken = 1 days;\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n uint256 public perDayBonus = 100; // Divisible 1/100 (0.1 %)\n \n struct transferMapping{\n uint256 amount;\n uint256 time;\n }\n \n \n constructor() public {\n _maxTotalSupply = 1000000000 * 10 ** 18;\n _totalSupply = 2000000 * 10 ** 18;\n\n _balances[msg.sender].amount = _totalSupply;\n _balances[msg.sender].time = now;\n \n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n \n function calculateBonus(uint256 timeElasped , uint256 amount) public view returns(uint256){\n uint256 totalDays = timeElasped.div(minAgeOfToken);\n if(totalDays > maxAgeOfToken){\n totalDays = maxAgeOfToken;\n }\n uint256 totalBonus = (totalDays * amount).div(perDayBonus);\n return totalBonus;\n \n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n \n \n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n \n uint256 senderTimeElasped = now - (_balances[sender].time);\n uint256 recipientTimeElasped = now - (_balances[recipient].time);\n \n if(senderTimeElasped >= minAgeOfToken && (_totalSupply < 
_maxTotalSupply)){\n uint256 bonus = calculateBonus(senderTimeElasped , balanceOf(sender));\n mint(sender , bonus);\n }\n \n if(recipientTimeElasped >= minAgeOfToken && (_totalSupply < _maxTotalSupply) && sender!= recipient){\n uint256 bonus = calculateBonus(recipientTimeElasped , balanceOf(recipient));\n mint(recipient , bonus);\n }\n \n \n _balances[sender].amount = _balances[sender].amount.sub(amount);\n _balances[recipient].amount = _balances[recipient].amount.add(amount);\n \n _balances[sender].time = now;\n _balances[recipient].time = now;\n \n emit Transfer(sender, recipient, amount);\n \n\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n\n /**\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n /**\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n /**\n * @dev Returns the number of decimals used to get its user representation.\n * For example, if `decimals` equals `2`, a balance of `505` tokens should\n * be displayed to a user as `5,05` (`505 / 10 ** 2`).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * > Note that this information is only used for _display_ purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * `IERC20.balanceOf` and `IERC20.transfer`.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n \n modifier onlyLollypopAndOwner {\n require(msg.sender == address(this) || msg.sender == owner);\n _;\n }\n \n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to `approve`. 
`value` is the new allowance.\n */\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Approval(address indexed owner, address indexed spender, uint256 value);\n \n \n \n \n /** @dev Creates `amount` tokens and assigns them to `account`, increasing\n * the total supply.\n *\n * Emits a `Transfer` event with `from` set to the zero address.\n *\n * Requirements\n *\n * - `to` cannot be the zero address.\n */\n function mint(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: mint to the zero address\");\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account].amount = _balances[account].amount.add(amount);\n emit Transfer(address(0), account, amount);\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n \n \n\n /**\n * @dev See `IERC20.totalSupply`.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n /**\n * @dev See `IERC20.balanceOf`.\n */\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account].amount;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n 
balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n\n function timeOf(address account) public view returns (uint256) {\n return _balances[account].time;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n /**\n * @dev See `IERC20.transfer`.\n *\n * Requirements:\n *\n * - `recipient` cannot be the zero address.\n * - the caller must have a balance of at least `amount`.\n */\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n \n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n require(receivers.length == amounts.length);\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n\n /**\n * @dev See `IERC20.allowance`.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /**\n * @dev See `IERC20.approve`.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * @dev See `IERC20.transferFrom`.\n *\n * Emits an `Approval` event indicating the updated allowance. This is not\n * required by the EIP. See the note at the beginning of `ERC20`;\n *\n * Requirements:\n * - `sender` and `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `value`.\n * - the caller must have allowance for `sender`'s tokens of at least\n * `amount`.\n */\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * @dev Atomically increases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return 
true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /**\n * @dev Atomically decreases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `spender` must have allowance for the caller of at least\n * `subtractedValue`.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n \n\n /**\n * @dev Moves tokens `amount` from `sender` to `recipient`.\n *\n * This is internal function is equivalent to `transfer`, and can be used to\n * e.g. 
implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a `Transfer` event.\n *\n * Requirements:\n *\n * - `sender` cannot be the zero address.\n * - `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `amount`.\n */\n \n\n /**\n * @dev Destoys `amount` tokens from `account`, reducing the\n * total supply.\n *\n * Emits a `Transfer` event with `to` set to the zero address.\n *\n * Requirements\n *\n * - `account` cannot be the zero address.\n * - `account` must have at least `amount` tokens.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0), \"ERC20: burn from the zero address\");\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account].amount = _balances[account].amount.sub(value);\n emit Transfer(account, address(0), value);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.\n *\n * This is internal function is equivalent to `approve`, and can be used to\n * e.g. 
set automatic allowances for certain subsystems, etc.\n *\n * Emits an `Approval` event.\n *\n * Requirements:\n *\n * - `owner` cannot be the zero address.\n * - `spender` cannot be the zero address.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /**\n * @dev Destoys `amount` tokens from `account`.`amount` is then deducted\n * from the caller's allowance.\n *\n * See `_burn` and `_approve`.\n */\n function _burnFrom(address account, uint256 amount) internal {\n _burn(account, amount);\n _approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_27.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.11;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Ownable {\n address public owner;\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n \n \n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n \n\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nmapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n \n \n}\n\ncontract ERC20Detailed is IERC20 {\n\n string private _name;\n string private _symbol;\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nmapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n\n function name() public view returns(string memory) {\n return _name;\n }\nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n\n function symbol() public view returns(string memory) {\n return _symbol;\n }\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n}\n\ncontract DanPanCoin is ERC20Detailed , Ownable{\n\n using SafeMath for uint256;\n mapping (address => uint256) private _balances;\nmapping(address => uint) redeemableEther_re_ent18;\nfunction claimReward_re_ent18() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent18[msg.sender] > 0);\n uint transferValue_re_ent18 = redeemableEther_re_ent18[msg.sender];\n msg.sender.transfer(transferValue_re_ent18); //bug\n redeemableEther_re_ent18[msg.sender] = 0;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\nmapping(address => uint) balances_re_ent29;\n function withdraw_balances_re_ent29 () public {\n if (msg.sender.send(balances_re_ent29[msg.sender ]))\n balances_re_ent29[msg.sender] = 0;\n }\n string constant tokenName = \"Dan Pan Coin\";\nbool not_called_re_ent6 = true;\nfunction bug_re_ent6() public{\n require(not_called_re_ent6);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent6 = false;\n }\n string constant tokenSymbol = \"DPC\";\naddress payable lastPlayer_re_ent16;\n uint jackpot_re_ent16;\n\t function buyTicket_re_ent16() public{\n\t if (!(lastPlayer_re_ent16.send(jackpot_re_ent16)))\n revert();\n lastPlayer_re_ent16 = msg.sender;\n jackpot_re_ent16 = address(this).balance;\n }\n uint8 constant tokenDecimals = 2;\nmapping(address => uint) balances_re_ent24;\nfunction withdrawFunds_re_ent24 (uint256 _weiToWithdraw) public {\n require(balances_re_ent24[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent24[msg.sender] -= _weiToWithdraw;\n }\n uint256 _totalSupply = 10000000000;\nmapping(address => uint) userBalance_re_ent5;\nfunction withdrawBalance_re_ent5() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent5[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent5[msg.sender] = 0;\n }\n uint256 public basePercent = 100;\nmapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n uint256 public dpPercent = 5;\nuint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n address public DanPanAddress = msg.sender;\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event DanPanPercentChanged(uint256 previousDanPanPercent, uint256 newDanPanPercent);\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event DanPanAddressChanged(address indexed previousDanPan, address indexed newDanPan);\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event WhitelistFrom(address _addr, bool _whitelisted);\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event WhitelistTo(address _addr, bool _whitelisted);\n \n // fee whitelist\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n mapping(address => bool) public whitelistFrom;\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n mapping(address => bool) public whitelistTo;\n\n constructor() public ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n 
lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function findOnePercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n function findDPPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 DPPercent = roundValue.mul(basePercent).div(10000).mul(dpPercent);\n return DPPercent;\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n \n // If transfer amount is zero\n // emit event and stop execution\n if (value == 0) {\n emit Transfer(msg.sender, to, 0);\n return true;\n }\n\n \n \n // Calculate receiver balance\n // initial receive is full value\n uint256 tokensToTransfer = value;\n uint256 tokensToBurn = 0;\n uint256 tokensToDanPan = 0;\n \n \n // Change sender balance\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n\n // If the transaction is not whitelisted\n // calculate fees\n if (!_isWhitelisted(msg.sender, to)) {\n \n tokensToBurn = findOnePercent(value);\n tokensToDanPan = findDPPercent(value);\n\n // Subtract fees from receiver amount\n tokensToTransfer = value.sub(tokensToBurn).sub(tokensToDanPan);\n\n 
// Burn tokens\n _totalSupply = _totalSupply.sub(tokensToBurn);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n \n \n // Transfer balance to DanPan\n _balances[DanPanAddress] = _balances[DanPanAddress].add(tokensToDanPan);\n emit Transfer(msg.sender, DanPanAddress, tokensToDanPan);\n\n }\n\n // Sanity checks\n // no tokens where created\n assert(tokensToBurn.add(tokensToTransfer).add(tokensToDanPan) == value);\n\n // Add tokens to receiver\n _balances[to] = _balances[to].add(tokensToTransfer);\n emit Transfer(msg.sender, to, tokensToTransfer);\n \n \n \n return true;\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n require(value <= _balances[from]);\n require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n \n // If transfer amount is zero\n // emit event and stop execution\n if (value == 0) {\n emit Transfer(from, to, 0);\n return true;\n }\n\n // Calculate receiver balance\n // initial receive is full value\n uint256 tokensToTransfer = value;\n uint256 tokensToBurn = 0;\n uint256 tokensToDanPan = 0;\n \n // Change sender balance\n _balances[from] = _balances[from].sub(value);\n\n // If the transaction is not whitelisted\n // calculate fees\n if (!_isWhitelisted(from, to)) {\n \n tokensToBurn = findOnePercent(value);\n tokensToDanPan = findDPPercent(value);\n\n // Subtract fees from receiver amount\n tokensToTransfer = value.sub(tokensToBurn).sub(tokensToDanPan);\n\n // Burn tokens\n _totalSupply = _totalSupply.sub(tokensToBurn);\n emit Transfer(from, address(0), tokensToBurn);\n \n \n // Transfer balance to DanPan\n _balances[DanPanAddress] = _balances[DanPanAddress].add(tokensToDanPan);\n emit Transfer(from, DanPanAddress, tokensToDanPan);\n\n }\n\n // Sanity checks\n // no tokens where created\n assert(tokensToBurn.add(tokensToTransfer).add(tokensToDanPan) == value);\n\n // Add tokens to receiver\n _balances[to] = _balances[to].add(tokensToTransfer);\n\t_allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n emit Transfer(from, to, tokensToTransfer);\n \n \n \n return true;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\nuint256 counter_re_ent7 
=0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n function NewDanPanAddress(address newDanPanaddress) external onlyOwner {\n require(newDanPanaddress != address(0));\n emit DanPanAddressChanged(DanPanAddress, newDanPanaddress);\n DanPanAddress = newDanPanaddress;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function NewDanPanPercent(uint256 newDanPanpercent) external onlyOwner {\n emit DanPanPercentChanged(dpPercent, newDanPanpercent);\n dpPercent = newDanPanpercent;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n function _isWhitelisted(address _from, address _to) internal view returns (bool) {\n \n return whitelistFrom[_from]||whitelistTo[_to];\n}\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n \n function setWhitelistedTo(address _addr, bool _whitelisted) external onlyOwner {\n emit WhitelistTo(_addr, _whitelisted);\n whitelistTo[_addr] = _whitelisted;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n function setWhitelistedFrom(address _addr, bool _whitelisted) external onlyOwner {\n emit WhitelistFrom(_addr, _whitelisted);\n whitelistFrom[_addr] = _whitelisted;\n}\nuint256 
counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n}\n" + }, + { + "contract": "etherbank.sol", + "label": "reentrancy", + "code": "/*\n * @source: https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/reentrant.sol\n * @author: -\n * @vulnerable_at_lines: 21\n */\n\npragma solidity ^0.4.0;\ncontract EtherBank{\n mapping (address => uint) userBalances;\n function getBalance(address user) constant returns(uint) { \n\t\treturn userBalances[user];\n\t}\n\n\tfunction addToBalance() { \n\t\tuserBalances[msg.sender] += msg.value;\n\t}\n\n\tfunction withdrawBalance() { \n\t\tuint amountToWithdraw = userBalances[msg.sender];\n // REENTRANCY\n\t\tif (!(msg.sender.call.value(amountToWithdraw)())) { throw; }\n\t\tuserBalances[msg.sender] = 0;\n\t} \n}" + }, + { + "contract": "buggy_3.sol", + "label": "reentrancy", + "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\ncontract CareerOnToken {\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed a_owner, address indexed _spender, uint256 _value);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event OwnerChang(address indexed _old,address indexed _new,uint256 _coin_change);\n \n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 public totalSupply; \n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n string public name; //\u540d\u79f0\uff0c\u4f8b\u5982\"My test token\"\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n uint8 public decimals; //\u8fd4\u56detoken\u4f7f\u7528\u7684\u5c0f\u6570\u70b9\u540e\u51e0\u4f4d\u3002\u6bd4\u5982\u5982\u679c\u8bbe\u7f6e\u4e3a3\uff0c\u5c31\u662f\u652f\u63010.001\u8868\u793a.\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n string public symbol; //token\u7b80\u79f0,like MTT\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n address public owner;\n \n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n mapping (address => uint256) internal balances;\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n mapping (address => mapping (address => uint256)) internal allowed;\n \n\t//\u5982\u679c\u901a\u8fc7\u51fd\u6570setPauseStatus\u8bbe\u7f6e\u8fd9\u4e2a\u53d8\u91cf\u4e3aTRUE\uff0c\u5219\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\u90fd\u4f1a\u5931\u8d25\n mapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n bool isTransPaused=false;\n \n constructor(\n uint256 _initialAmount,\n uint8 _decimalUnits) public \n {\n owner=msg.sender;//\u8bb0\u5f55\u5408\u7ea6\u7684owner\n\t\tif(_initialAmount<=0){\n\t\t totalSupply = 100000000000000000; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=totalSupply;\n\t\t}else{\n\t\t totalSupply = _initialAmount; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=_initialAmount;\n\t\t}\n\t\tif(_decimalUnits<=0){\n\t\t decimals=2;\n\t\t}else{\n\t\t decimals = _decimalUnits;\n\t\t}\n name = \"CareerOn Chain Token\"; \n symbol 
= \"COT\";\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n \n \n function transfer(\n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to]\n );\n \n balances[msg.sender] -= _value;//\u4ece\u6d88\u606f\u53d1\u9001\u8005\u8d26\u6237\u4e2d\u51cf\u53bbtoken\u6570\u91cf_value\n balances[_to] += _value;//\u5f80\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n\t\tif(msg.sender==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(msg.sender, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n\n function transferFrom(\n address _from, \n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to] &&\n allowed[_from][msg.sender] >= _value\n );\n \n balances[_to] += _value;//\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n balances[_from] -= _value; //\u652f\u51fa\u8d26\u6237_from\u51cf\u53bbtoken\u6570\u91cf_value\n allowed[_from][msg.sender] -= _value;//\u6d88\u606f\u53d1\u9001\u8005\u53ef\u4ee5\u4ece\u8d26\u6237_from\u4e2d\u8f6c\u51fa\u7684\u6570\u91cf\u51cf\u5c11_value\n if(_from==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(_from, _to, 
_value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function approve(address _spender, uint256 _value) public returns (bool success) \n { \n assert(msg.sender!=_spender && _value>0);\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function allowance(\n address _owner, \n address _spender) public view returns (uint256 remaining) \n {\n return allowed[_owner][_spender];//\u5141\u8bb8_spender\u4ece_owner\u4e2d\u8f6c\u51fa\u7684token\u6570\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n function balanceOf(address accountAddr) public view returns (uint256) {\n return balances[accountAddr];\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\t\n\t//\u4ee5\u4e0b\u4e3a\u672c\u4ee3\u5e01\u534f\u8bae\u7684\u7279\u6b8a\u903b\u8f91\n\t//\u8f6c\u79fb\u534f\u8bae\u6240\u6709\u6743\u5e76\u5c06\u9644\u5e26\u7684\u4ee3\u5e01\u4e00\u5e76\u8f6c\u79fb\u8fc7\u53bb\n\tfunction changeOwner(address newOwner) public{\n assert(msg.sender==owner && 
msg.sender!=newOwner);\n balances[newOwner]=balances[owner];\n balances[owner]=0;\n owner=newOwner;\n emit OwnerChang(msg.sender,newOwner,balances[owner]);//\u89e6\u53d1\u5408\u7ea6\u6240\u6709\u6743\u7684\u8f6c\u79fb\u4e8b\u4ef6\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n\t//isPaused\u4e3atrue\u5219\u6682\u505c\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\n function setPauseStatus(bool isPaused)public{\n assert(msg.sender==owner);\n isTransPaused=isPaused;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n \n\t//\u4fee\u6539\u5408\u7ea6\u540d\u5b57\n function changeContractName(string memory _newName,string memory _newSymbol) public {\n assert(msg.sender==owner);\n name=_newName;\n symbol=_newSymbol;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n \n function () external payable {\n revert();\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}" + }, + { + "contract": "buggy_48.sol", + "label": "reentrancy", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11; //compiles with 0.5.0 and above\n\n// ----------------------------------------------------------------------------\n// 'XQC' token contract\n//\n// Symbol : XQC\n// Name : Quras Token\n// Total supply: 888888888\n// Decimals : 8\n//\n// The MIT Licence.\n// ----------------------------------------------------------------------------\n\n\n// ----------------------------------------------------------------------------\n// Safe maths\n// ----------------------------------------------------------------------------\nlibrary SafeMath {\t//contract --> library : compiler version up\n function add(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n c = a + b;\n require(c >= a);\n }\n function sub(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n require(b <= a);\n c = a - b;\n }\n function mul(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n c = a * b;\n require(a == 0 || c / a == b);\n }\n function div(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n require(b > 0);\n c = a / b;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md\n// ----------------------------------------------------------------------------\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool 
success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\t\t\t\t\t\t\t//constant -> view : compiler version up\n function balanceOf(address tokenOwner) public view returns (uint balance);\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\t\t\t\t//constant -> view : compiler version up\n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\t//constant -> view : compiler version up\n function transfer(address to, uint tokens) public returns (bool success);\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n function approve(address spender, uint tokens) public returns (bool success);\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nmapping(address => uint) 
userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed from, address indexed to, uint tokens);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\n// ----------------------------------------------------------------------------\n// Contract function to receive approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// ----------------------------------------------------------------------------\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\t//bytes -> memory : compiler version up\n}\n\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\ncontract Owned {\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n address public owner;\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n address public newOwner;\n\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\t\t//function Owned -> constructor : compiler version up\n owner = msg.sender;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\t//add emit : compiler version up\n owner = newOwner;\n newOwner = address(0);\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and assisted\n// fixed supply\n// ----------------------------------------------------------------------------\ncontract QurasToken is ERC20Interface, Owned {\t\t//SafeMath -> using SafeMath for uint; : compiler version up\n using SafeMath for uint;\n\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n string public symbol;\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool 
success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n string public name;\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint8 public decimals;\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n uint _totalSupply;\t\t\t//unit public -> uint : compiler version up\n\n mapping(address => uint) balances;\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\t\t//function -> constructor : compiler version up\n symbol = \"XQC\";\n name = \"Quras Token\";\n decimals = 8;\n _totalSupply = 88888888800000000;\n balances[owner] = _totalSupply;\t\t//direct address -> owner : compiler version up\n emit Transfer(address(0), owner, _totalSupply);\t\t//add emit, direct address -> owner : compiler version up\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // 
------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\t\t//constant -> view : compiler version up\n return _totalSupply.sub(balances[address(0)]);\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\t\t//constant -> view : compiler version up\n return balances[tokenOwner];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transfer(address to, uint tokens) public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(msg.sender, to, tokens);\t\t//add emit : compiler version up\n return true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n\n function increaseApproval(address _spender, uint _addedValue) public returns (bool) {\n allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue);\n emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n \n function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) {\n uint oldValue = allowed[msg.sender][_spender];\n if (_subtractedValue > oldValue) {\n allowed[msg.sender][_spender] = 0;\n } else {\n allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue);\n }\n emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n \n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) 
`tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\t\t//add emit : compiler version up\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transferFrom(address from, address to, uint tokens) public returns (bool success) {\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(from, to, tokens);\t\t//add emit : compiler version up\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n\n // 
------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function allowance(address tokenOwner, address spender) public view returns (uint remaining) {\t\t//constant -> view : compiler version up\n return allowed[tokenOwner][spender];\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\t\t//add emit : compiler version up\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_33.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11;\n\ncontract Owned {\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n address public owner;\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n address public newOwner;\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner || msg.sender == address(this));\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Token{\n function balanceOf(address who) external view returns (uint256);\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n 
require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n function transferFrom(address from, address to, uint256 value) external returns (bool);\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n function transfer(address to, uint256 value) external returns (bool);\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n}\n\ncontract Staking is Owned{\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n Token public token;\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n bool lock;\n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 public minstakeTokens;\n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n 
uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n uint256 private basePercent = 200;\n using SafeMath for uint256;\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n uint256 public stakeTime = 1814400; // 3 weeks = 3*7*24*60*60 OR 1 week = 604800 secs, 3 weeks = 3*604800 = 1,814,400\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n uint public stakePercentage = 30;\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event stakingstarted(address staker, uint256 tokens, uint256 time);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event tokensRedeemed(address staker, uint256 stakedTokens, uint256 reward);\n \n struct stake{\n uint256 time;\n bool redeem;\n uint256 tokens;\n }\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n mapping(address => stake) staker;\n \n \n constructor(address tokenContractAddress) public{\n token = Token(tokenContractAddress);\n owner = msg.sender;\n minstakeTokens = 500 * 10 ** uint(10);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n function startStaking(uint256 stakeTokens) public{\n require(stakeTokens >= minstakeTokens);\n require(token.balanceOf(msg.sender) >= stakeTokens + findOnePercent(stakeTokens));\n require(token.transferFrom(msg.sender, address(this), stakeTokens + findOnePercent(stakeTokens)));\n staker[msg.sender].time = now;\n staker[msg.sender].tokens = staker[msg.sender].tokens + stakeTokens;\n emit stakingstarted(msg.sender, staker[msg.sender].tokens, staker[msg.sender].time);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n \n function redeem() public{\n require(!lock);\n require(!staker[msg.sender].redeem);\n require(staker[msg.sender].time + stakeTime <= now);\n require(token.transfer(msg.sender,staker[msg.sender].tokens));\n require(token.transferFrom(owner, msg.sender ,staker[msg.sender].tokens * stakePercentage * 100 / 10000));\n emit tokensRedeemed(msg.sender, staker[msg.sender].tokens, staker[msg.sender].tokens * stakePercentage * 100 / 10000);\n staker[msg.sender].redeem = true;\n staker[msg.sender].tokens = 0;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n function changeStakeTokens(uint256 
_NewTokensThreshold) public onlyOwner{\n minstakeTokens = _NewTokensThreshold * 10 ** uint(10);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n \n function changeStakeTime(uint256 _newStakeTime) public onlyOwner{\n stakeTime = _newStakeTime;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n function changeStakingPercentage(uint _newStakePercentage) public onlyOwner{\n stakePercentage = _newStakePercentage;\n \n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n \n function lockWithdrawals() public onlyOwner{\n lock = true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n function findOnePercent(uint256 value) private view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_47.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n// ----------------------------------------------------------------------------\n//this ieo smart contract has been compiled and tested with the Solidity Version 0.5.2\n//There are some minor changes comparing to ieo contract compiled with versions < 0.5.0\n// ----------------------------------------------------------------------------\n\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n function balanceOf(address tokenOwner) public view returns (uint balance);\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n function transfer(address to, uint tokens) public returns 
(bool success);\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n \n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n function approve(address spender, uint tokens) public returns (bool success);\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n \n event Transfer(address indexed from, address indexed to, uint tokens);\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\ncontract AcunarToken is ERC20Interface{\n bool not_called_re_ent6 = true;\nfunction bug_re_ent6() public{\n require(not_called_re_ent6);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent6 = false;\n }\n string public name = \"Acunar\";\n address payable lastPlayer_re_ent16;\n uint jackpot_re_ent16;\n\t function buyTicket_re_ent16() public{\n\t if (!(lastPlayer_re_ent16.send(jackpot_re_ent16)))\n revert();\n lastPlayer_re_ent16 = msg.sender;\n jackpot_re_ent16 = address(this).balance;\n }\n string public symbol = \"ACN\";\n mapping(address => uint) balances_re_ent24;\nfunction withdrawFunds_re_ent24 (uint256 _weiToWithdraw) public {\n require(balances_re_ent24[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent24[msg.sender] -= _weiToWithdraw;\n }\n uint public decimals = 0;\n \n mapping(address => uint) userBalance_re_ent5;\nfunction withdrawBalance_re_ent5() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent5[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent5[msg.sender] = 0;\n }\n uint public supply;\n mapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n address public founder;\n \n uint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n mapping(address => uint) public balances;\n \n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n mapping(address => mapping(address => uint)) allowed;\n \n //allowed[0x1111....][0x22222...] 
= 100;\n \n \n event Transfer(address indexed from, address indexed to, uint tokens);\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n\n\n constructor() public{\n supply = 200000000;\n founder = msg.sender;\n balances[founder] = supply;\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n \n \n function allowance(address tokenOwner, address spender) view public returns(uint){\n return allowed[tokenOwner][spender];\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n \n \n //approve allowance\n function approve(address spender, uint tokens) public returns(bool){\n require(balances[msg.sender] >= tokens);\n require(tokens > 0);\n \n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n \n //transfer tokens from the owner account to the account that calls the function\n function transferFrom(address from, address to, uint tokens) public returns(bool){\n require(allowed[from][to] >= tokens);\n require(balances[from] >= tokens);\n \n balances[from] -= tokens;\n balances[to] += tokens;\n \n \n allowed[from][to] -= tokens;\n \n return true;\n }\nmapping(address => uint) 
balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n \n function totalSupply() public view returns (uint){\n return supply;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n \n function balanceOf(address tokenOwner) public view returns (uint balance){\n return balances[tokenOwner];\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n \n \n function transfer(address to, uint tokens) public returns (bool success){\n require(balances[msg.sender] >= tokens && tokens > 0);\n \n balances[to] += tokens;\n balances[msg.sender] -= tokens;\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n}\n\n\ncontract AcunarIEO is AcunarToken{\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n address public admin;\n \n \n //starting with solidity version 0.5.0 only a payable address has the transfer() member function\n //it's mandatory to declare the variable payable\n mapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n address payable public deposit;\n \n //token price in wei: 1 ACN = 0.0001 ETHER, 1 ETHER = 10000 ACN\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n uint tokenPrice = 0.0001 ether;\n \n //300 Ether in wei\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n uint public hardCap =21000 ether;\n \n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n uint public raisedAmount;\n \n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n uint public saleStart = now;\n uint public saleEnd = now + 14515200; //24 week\n uint public coinTradeStart = saleEnd + 15120000; //transferable in a week after salesEnd\n \n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint public maxInvestment = 30 ether;\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n uint public minInvestment = 0.1 ether;\n \n enum State { beforeStart, running, afterEnd, halted}\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n State public ieoState;\n \n \n modifier onlyAdmin(){\n require(msg.sender == admin);\n _;\n }\n \n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Invest(address investor, uint value, uint tokens);\n \n \n //in solidity version > 0.5.0 the deposit argument must be payable\n constructor(address payable _deposit) public{\n deposit = _deposit;\n admin = msg.sender;\n ieoState = State.beforeStart;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n //emergency stop\n function halt() public onlyAdmin{\n ieoState = State.halted;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n \n //restart \n function unhalt() public onlyAdmin{\n ieoState = State.running;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n \n //only the admin can change the deposit address\n //in solidity version > 0.5.0 the deposit argument must be payable\n function changeDepositAddress(address payable newDeposit) public onlyAdmin{\n deposit = newDeposit;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n \n \n //returns ieo state\n function getCurrentState() public view returns(State){\n if(ieoState == State.halted){\n return State.halted;\n }else if(block.timestamp < saleStart){\n return State.beforeStart;\n }else if(block.timestamp >= 
saleStart && block.timestamp <= saleEnd){\n return State.running;\n }else{\n return State.afterEnd;\n }\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n \n function invest() payable public returns(bool){\n //invest only in running\n ieoState = getCurrentState();\n require(ieoState == State.running);\n \n require(msg.value >= minInvestment && msg.value <= maxInvestment);\n \n uint tokens = msg.value / tokenPrice;\n \n //hardCap not reached\n require(raisedAmount + msg.value <= hardCap);\n \n raisedAmount += msg.value;\n \n //add tokens to investor balance from founder balance\n balances[msg.sender] += tokens;\n balances[founder] -= tokens;\n \n deposit.transfer(msg.value);//transfer eth to the deposit address\n \n //emit event\n emit Invest(msg.sender, msg.value, tokens);\n \n return true;\n \n\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n \n //the payable function must be declared external in solidity versions > 0.5.0\n function () payable external{\n invest();\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n \n \n function burn() public returns(bool){\n ieoState = getCurrentState();\n require(ieoState == State.afterEnd);\n balances[founder] = 0;\n \n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n \n \n function transfer(address to, uint value) public returns(bool){\n require(block.timestamp > coinTradeStart);\n super.transfer(to, value);\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n \n function transferFrom(address _from, address _to, uint _value) public returns(bool){\n require(block.timestamp > coinTradeStart);\n super.transferFrom(_from, _to, _value);\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n \n}\n"
+ },
+ {
+ "contract": "buggy_23.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Saturday, April 27, 2019\n (UTC) */\n\n// File: contracts/token/ERC20/IERC20.sol\n\npragma solidity ^0.5.2;\n\n/**\n * @title ERC20 interface\n * @dev see https://eips.ethereum.org/EIPS/eip-20\n */\ninterface IERC20 {\n function transfer(address to, uint256 value) external returns (bool);\n\n function approve(address spender, uint256 value) external returns (bool);\n\n function transferFrom(address from, address to, uint256 
value) external returns (bool);\n\n function totalSupply() external view returns (uint256);\n\n function balanceOf(address who) external view returns (uint256);\n\n function allowance(address owner, address spender) external view returns (uint256);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n// File: contracts/math/SafeMath.sol\n\npragma solidity ^0.5.2;\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error.\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n}\n\n// File: contracts/token/ERC20/ERC20.sol\n\npragma solidity ^0.5.2;\n\n\n\n/**\n * @title Standard ERC20 token\n *\n * @dev Implementation of the basic standard token.\n * https://eips.ethereum.org/EIPS/eip-20\n * Originally based on code by FirstBlood:\n * https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol\n *\n * This implementation emits additional Approval events, allowing applications to reconstruct the allowance status for\n * all accounts just by listening to said events. Note that this isn't required by the specification, and other\n * compliant implementations may not do it.\n */\ncontract ERC20 is IERC20 {\n using SafeMath for uint256;\n\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n mapping (address => uint256) private _balances;\n\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n uint256 private _totalSupply;\n\n /**\n * @dev Total number of tokens in existence.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n /**\n * @dev Gets the balance of the specified address.\n * @param owner The address to query the balance of.\n * @return A uint256 representing the amount owned by the passed address.\n */\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n /**\n * @dev Function to check the amount of tokens that an owner allowed to a spender.\n * @param owner address The address which owns the funds.\n * @param spender address The address which will spend the funds.\n * @return A uint256 specifying the amount of tokens still available for the spender.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n /**\n * @dev Transfer token to a specified address.\n * @param to The address to transfer to.\n * @param value The amount to be transferred.\n */\n function transfer(address to, uint256 value) public returns (bool) {\n _transfer(msg.sender, to, value);\n return true;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n /**\n * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.\n * Beware that changing an allowance with this method brings the risk that someone may use both the old\n * and the new allowance by unfortunate transaction ordering. 
One possible solution to mitigate this\n * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n * @param spender The address which will spend the funds.\n * @param value The amount of tokens to be spent.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n /**\n * @dev Transfer tokens from one address to another.\n * Note that while this function emits an Approval event, this is not required as per the specification,\n * and other compliant implementations may not emit the event.\n * @param from address The address which you want to send tokens from\n * @param to address The address which you want to transfer to\n * @param value uint256 the amount of tokens to be transferred\n */\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n _transfer(from, to, value);\n _approve(from, msg.sender, _allowed[from][msg.sender].sub(value));\n return true;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n /**\n * @dev Increase the amount of tokens that an owner allowed to a spender.\n * approve should be called when _allowed[msg.sender][spender] == 0. 
To increment\n * allowed value is better to use this function to avoid 2 calls (and wait until\n * the first transaction is mined)\n * From MonolithDAO Token.sol\n * Emits an Approval event.\n * @param spender The address which will spend the funds.\n * @param addedValue The amount of tokens to increase the allowance by.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowed[msg.sender][spender].add(addedValue));\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n /**\n * @dev Decrease the amount of tokens that an owner allowed to a spender.\n * approve should be called when _allowed[msg.sender][spender] == 0. To decrement\n * allowed value is better to use this function to avoid 2 calls (and wait until\n * the first transaction is mined)\n * From MonolithDAO Token.sol\n * Emits an Approval event.\n * @param spender The address which will spend the funds.\n * @param subtractedValue The amount of tokens to decrease the allowance by.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowed[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n /**\n * @dev Transfer token for a specified addresses.\n * @param from The address to transfer from.\n * @param to The address to transfer to.\n * @param value The amount to be transferred.\n */\n function _transfer(address from, address to, uint256 value) internal {\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n _balances[to] = _balances[to].add(value);\n emit Transfer(from, to, value);\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n /**\n * @dev Internal function that mints an amount of the token and assigns it to\n * an account. This encapsulates the modification of balances such that the\n * proper events are emitted.\n * @param account The account that will receive the created tokens.\n * @param value The amount that will be created.\n */\n function _mint(address account, uint256 value) internal {\n require(account != address(0));\n\n _totalSupply = _totalSupply.add(value);\n _balances[account] = _balances[account].add(value);\n emit Transfer(address(0), account, value);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /**\n * @dev Internal function that burns an amount of the token of a given\n * account.\n * @param account The account whose tokens will be burnt.\n * @param value The amount that will be burnt.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0));\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /**\n * @dev Approve an address to spend another addresses' tokens.\n * @param owner The address that owns the tokens.\n * @param spender The address that will spend the tokens.\n * @param value The number of tokens that can be spent.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(spender != address(0));\n require(owner != address(0));\n\n _allowed[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * @dev Internal function that burns an amount of the token of a given\n * account, deducting from the sender's allowance for said account. 
Uses the\n * internal burn function.\n * Emits an Approval event (reflecting the reduced allowance).\n * @param account The account whose tokens will be burnt.\n * @param value The amount that will be burnt.\n */\n function _burnFrom(address account, uint256 value) internal {\n _burn(account, value);\n _approve(account, msg.sender, _allowed[account][msg.sender].sub(value));\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n}\n\n// File: contracts/token/ERC20/ERC20Burnable.sol\n\npragma solidity ^0.5.2;\n\n\n/**\n * @title Burnable Token\n * @dev Token that can be irreversibly burned (destroyed).\n */\ncontract ERC20Burnable is ERC20 {\n /**\n * @dev Burns a specific amount of tokens.\n * @param value The amount of token to be burned.\n */\n function burn(uint256 value) public {\n _burn(msg.sender, value);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /**\n * @dev Burns a specific amount of tokens from the target address and decrements allowance.\n * @param from address The account whose tokens will be burned.\n * @param value uint256 The amount of token to be burned.\n */\n function burnFrom(address from, uint256 value) public {\n _burnFrom(from, value);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n}\n\n// File: contracts/token/ERC20/ERC20Detailed.sol\n\npragma solidity ^0.5.2;\n\n\n/**\n * @title ERC20Detailed token\n * @dev The decimals are only for visualization purposes.\n * All the operations are done using the smallest and indivisible token unit,\n * just as on Ethereum all the operations are done in wei.\n */\ncontract ERC20Detailed is IERC20 {\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n string private _name;\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n string private _symbol;\n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint8 private _decimals;\n\n constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /**\n * @return the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n /**\n * @return the symbol of the token.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n\n /**\n * @return the number of decimals of the token.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n}\n\n// File: contracts/token/AGR.sol\n\npragma solidity ^0.5.0;\n\n\n\n\ncontract AGR is ERC20, ERC20Detailed, ERC20Burnable {\n constructor() ERC20Detailed('Aggregion Token', 'AGR', 4) public {\n super._mint(msg.sender, 30000000000000);\n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n}\n"
+ },
+ {
+ "contract": "0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol",
+ "label": "reentrancy",
+ "code": "\n/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 55\n */\n\npragma solidity ^0.4.19;\n\ncontract ACCURAL_DEPOSIT\n{\n mapping (address=>uint256) public balances; \n \n uint public MinSum = 1 ether;\n \n LogFile Log = LogFile(0x0486cF65A2F2F3A392CBEa398AFB7F5f0B72FF46);\n \n bool intitalized;\n \n function SetMinSum(uint _val)\n public\n {\n if(intitalized)revert();\n MinSum = _val;\n }\n \n function SetLogFile(address _log)\n public\n {\n if(intitalized)revert();\n Log = LogFile(_log);\n }\n \n function Initialized()\n public\n {\n intitalized = true;\n }\n \n function Deposit()\n public\n payable\n {\n balances[msg.sender]+= msg.value;\n Log.AddMessage(msg.sender,msg.value,\"Put\");\n }\n \n function Collect(uint _am)\n public\n payable\n {\n if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n Log.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n \n function() \n public \n payable\n {\n Deposit();\n }\n \n}\n\n\n\ncontract LogFile\n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "reentrance.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://ethernaut.zeppelin.solutions/level/0xf70706db003e94cfe4b5e27ffd891d5c81b39488\n * @author: Alejandro Santander\n * @vulnerable_at_lines: 24\n */\n\npragma solidity ^0.4.18;\n\ncontract Reentrance {\n\n mapping(address => uint) public balances;\n\n function donate(address _to) public payable {\n 
balances[_to] += msg.value;\n }\n\n function balanceOf(address _who) public view returns (uint balance) {\n return balances[_who];\n }\n\n function withdraw(uint _amount) public {\n if(balances[msg.sender] >= _amount) {\n // REENTRANCY\n if(msg.sender.call.value(_amount)()) {\n _amount;\n }\n balances[msg.sender] -= _amount;\n }\n }\n\n function() public payable {}\n}\n"
+ },
+ {
+ "contract": "0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 38\n */\n\npragma solidity ^0.4.19;\n\ncontract PrivateBank\n{\n mapping (address => uint) public balances;\n \n uint public MinDeposit = 1 ether;\n \n Log TransferLog;\n \n function PrivateBank(address _lib)\n {\n TransferLog = Log(_lib);\n }\n \n function Deposit()\n public\n payable\n {\n if(msg.value >= MinDeposit)\n {\n balances[msg.sender]+=msg.value;\n TransferLog.AddMessage(msg.sender,msg.value,\"Deposit\");\n }\n }\n \n function CashOut(uint _am)\n {\n if(_am<=balances[msg.sender])\n { \n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n TransferLog.AddMessage(msg.sender,_am,\"CashOut\");\n }\n }\n }\n \n function() public payable{} \n \n}\n\ncontract Log \n{\n \n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_40.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\npragma solidity ^0.5.11;\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. 
This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. 
The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP. 
Does not include\n * the optional functions; to access them see `ERC20Detailed`.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a `Transfer` event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through `transferFrom`. This is\n * zero by default.\n *\n * This value changes when `approve` or `transferFrom` are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * > Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an `Approval` event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. 
`amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a `Transfer` event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to `approve`. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n\n/**\n * @dev Implementation of the `IERC20` interface.\n *\n * This implementation is agnostic to the way tokens are created. This means\n * that a supply mechanism has to be added in a derived contract using `_mint`.\n * For a generic mechanism see `ERC20Mintable`.\n *\n * *For a detailed writeup see our guide [How to implement supply\n * mechanisms](https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226).*\n *\n * We have followed general OpenZeppelin guidelines: functions revert instead\n * of returning `false` on failure. This behavior is nonetheless conventional\n * and does not conflict with the expectations of ERC20 applications.\n *\n * Additionally, an `Approval` event is emitted on calls to `transferFrom`.\n * This allows applications to reconstruct the allowance for all accounts just\n * by listening to said events. Other implementations of the EIP may not emit\n * these events, as it isn't required by the specification.\n *\n * Finally, the non-standard `decreaseAllowance` and `increaseAllowance`\n * functions have been added to mitigate the well-known issues around setting\n * allowances. 
See `IERC20.approve`.\n */\ncontract ERC20 is IERC20 {\n using SafeMath for uint256;\n\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n mapping (address => uint256) private _balances;\n\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) private _allowances;\n\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n uint256 private _totalSupply;\n\n /**\n * @dev See `IERC20.totalSupply`.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n /**\n * @dev See `IERC20.balanceOf`.\n */\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account];\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n /**\n * @dev See `IERC20.transfer`.\n *\n * Requirements:\n *\n * - `recipient` cannot be the zero address.\n * - the caller must have a balance of at least `amount`.\n */\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n /**\n * @dev See `IERC20.allowance`.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n /**\n * @dev See `IERC20.approve`.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n /**\n * @dev See `IERC20.transferFrom`.\n *\n * Emits an `Approval` event indicating the updated allowance. This is not\n * required by the EIP. 
See the note at the beginning of `ERC20`;\n *\n * Requirements:\n * - `sender` and `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `value`.\n * - the caller must have allowance for `sender`'s tokens of at least\n * `amount`.\n */\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n /**\n * @dev Atomically increases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n /**\n * @dev Atomically decreases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `spender` must have allowance for the caller of at least\n * `subtractedValue`.\n */\n function decreaseAllowance(address spender, uint256 
subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n /**\n * @dev Moves tokens `amount` from `sender` to `recipient`.\n *\n * This is internal function is equivalent to `transfer`, and can be used to\n * e.g. implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a `Transfer` event.\n *\n * Requirements:\n *\n * - `sender` cannot be the zero address.\n * - `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `amount`.\n */\n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[sender] = _balances[sender].sub(amount);\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n /** @dev Creates `amount` tokens and assigns them to `account`, increasing\n * the total supply.\n *\n * Emits a `Transfer` event with `from` set to the zero address.\n *\n * Requirements\n *\n * - `to` cannot be the zero address.\n */\n function _mint(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: mint to the zero address\");\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nmapping(address => uint) balances_re_ent8;\n function 
withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n /**\n * @dev Destoys `amount` tokens from `account`, reducing the\n * total supply.\n *\n * Emits a `Transfer` event with `to` set to the zero address.\n *\n * Requirements\n *\n * - `account` cannot be the zero address.\n * - `account` must have at least `amount` tokens.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0), \"ERC20: burn from the zero address\");\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.\n *\n * This is internal function is equivalent to `approve`, and can be used to\n * e.g. 
set automatic allowances for certain subsystems, etc.\n *\n * Emits an `Approval` event.\n *\n * Requirements:\n *\n * - `owner` cannot be the zero address.\n * - `spender` cannot be the zero address.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /**\n * @dev Destoys `amount` tokens from `account`.`amount` is then deducted\n * from the caller's allowance.\n *\n * See `_burn` and `_approve`.\n */\n function _burnFrom(address account, uint256 amount) internal {\n _burn(account, amount);\n _approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n}\n\n/**\n * @dev Optional functions from the ERC20 standard.\n */\ncontract ERC20Detailed is IERC20 {\n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n string private _name;\n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n string private _symbol;\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n uint8 private _decimals;\n\n /**\n * @dev Sets the values for `name`, `symbol`, and `decimals`. All three of\n * these values are immutable: they can only be set once during\n * construction.\n */\n constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /**\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n /**\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n\n /**\n * @dev Returns the number of decimals used to get its user representation.\n * For example, if `decimals` equals `2`, a balance of `505` tokens should\n * be displayed to a user as `5,05` (`505 / 10 ** 2`).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * > Note that this information is only used for _display_ purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * `IERC20.balanceOf` and `IERC20.transfer`.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n}\n\ncontract SimpleSwapCoin is ERC20, ERC20Detailed {\n constructor() ERC20Detailed(\"SimpleSwap Coin\", \"SWAP\", 8) public {\n _mint(msg.sender, 100000000 
* (10 ** 8));\n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_28.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.1;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract ERC20Detailed is IERC20 {\n\nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = 
redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n string private _name;\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n string private _symbol;\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function name() public view returns(string memory) {\n return _name;\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function symbol() public view returns(string memory) {\n return _symbol;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n}\n\ncontract HYDROGEN is ERC20Detailed {\n\n using SafeMath for uint256;\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n mapping (address => uint256) private _balances;\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n string constant tokenName = \"HYDROGEN\";\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n string constant tokenSymbol = \"HGN\";\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n 
// limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n uint8 constant tokenDecimals = 4;\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 _totalSupply =8000000000;\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n uint256 public basePercent = 100;\n\n constructor() public payable ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function findtwoPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 twoPercent = roundValue.mul(basePercent).div(5000);\n return twoPercent;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n\n uint256 tokensToBurn = findtwoPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n _balances[to] = _balances[to].add(tokensToTransfer);\n\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n emit Transfer(msg.sender, to, tokensToTransfer);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = 
msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n require(value <= _balances[from]);\n require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n\n uint256 tokensToBurn = findtwoPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[to] = _balances[to].add(tokensToTransfer);\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n _allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n\n emit Transfer(from, to, tokensToTransfer);\n emit Transfer(from, address(0), tokensToBurn);\n\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_37.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, March 28, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n// ----------------------------------------------------------------------------\n// 'August Coin' token contract\n//\n// Deployed to : 0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD\n// Symbol : AUC\n// Name : AugustCoin\n// Total supply: 100000000\n// Decimals : 18\n//\n// Enjoy.\n//\n// (c) by Ahiwe Onyebuchi Valentine.\n// ----------------------------------------------------------------------------\n\n\n// ----------------------------------------------------------------------------\n// Safe maths\n// ----------------------------------------------------------------------------\ncontract SafeMath {\n function safeAdd(uint a, uint b) public pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n function safeSub(uint a, uint b) public pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n function safeMul(uint a, uint b) public pure returns (uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n function safeDiv(uint a, uint b) public pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n// ----------------------------------------------------------------------------\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n function balanceOf(address tokenOwner) public view returns (uint balance);\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n function allowance(address tokenOwner, address spender) public view 
returns (uint remaining);\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n function transfer(address to, uint tokens) public returns (bool success);\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n function approve(address spender, uint tokens) public returns (bool success);\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed from, address indexed to, uint tokens);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\n// ----------------------------------------------------------------------------\n// Contract function to receive approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// ----------------------------------------------------------------------------\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\ncontract Owned {\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n address public owner;\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n address public newOwner;\n\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and assisted\n// token transfers\n// ----------------------------------------------------------------------------\ncontract AugustCoin is ERC20Interface, Owned, SafeMath {\n mapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n 
require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n string public symbol;\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n string public name;\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n uint8 public decimals;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n uint public _totalSupply;\n\n mapping(address => uint) balances;\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\n symbol = \"AUC\";\n name = \"AugustCoin\";\n decimals = 18;\n _totalSupply = 100000000000000000000000000;\n balances[0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD] = _totalSupply;\n emit Transfer(address(0), 0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD, 
_totalSupply);\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\n return _totalSupply - balances[address(0)];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account tokenOwner\n // ------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\n return balances[tokenOwner];\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to to account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transfer(address to, uint tokens) public returns (bool success) {\n balances[msg.sender] = safeSub(balances[msg.sender], tokens);\n balances[to] = safeAdd(balances[to], tokens);\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for spender to transferFrom(...) 
tokens\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces \n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer tokens from the from account to the to account\n // \n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the from account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transferFrom(address from, address to, uint tokens) public returns (bool success) {\n balances[from] = safeSub(balances[from], tokens);\n allowed[from][msg.sender] = safeSub(allowed[from][msg.sender], tokens);\n balances[to] = safeAdd(balances[to], tokens);\n emit Transfer(from, to, tokens);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n\n // 
------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function allowance(address tokenOwner, address spender) public view returns (uint remaining) {\n return allowed[tokenOwner][spender];\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for spender to transferFrom(...) tokens\n // from the token owner's account. The spender contract function\n // receiveApproval(...) is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n function () external payable {\n revert();\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n\n\n"
+ },
+ {
+ "contract": "0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 38\n */\n\npragma solidity ^0.4.19;\n\ncontract PrivateBank\n{\n mapping (address => uint) public balances;\n \n uint public MinDeposit = 1 ether;\n \n Log TransferLog;\n \n function PrivateBank(address _log)\n {\n TransferLog = Log(_log);\n }\n \n function Deposit()\n public\n payable\n {\n if(msg.value >= MinDeposit)\n {\n balances[msg.sender]+=msg.value;\n TransferLog.AddMessage(msg.sender,msg.value,\"Deposit\");\n }\n }\n \n function CashOut(uint _am)\n {\n if(_am<=balances[msg.sender])\n { \n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n balances[msg.sender]-=_am;\n TransferLog.AddMessage(msg.sender,_am,\"CashOut\");\n }\n }\n }\n \n function() public payable{} \n \n}\n\ncontract Log \n{\n \n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n \n Message[] public History;\n \n Message LastMsg;\n \n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n 
LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_6.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.8;\n\ncontract Ownable\n{\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n bool private stopped;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n address private _owner;\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n address private _master;\n\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n event Stopped();\n uint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event Started();\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event MasterRoleTransferred(address indexed previousMaster, address indexed newMaster);\n\n constructor () internal\n {\n stopped = false;\n _owner = msg.sender;\n _master = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n emit MasterRoleTransferred(address(0), _master);\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n function owner() public view returns (address)\n {\n return _owner;\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n function master() public view returns (address)\n {\n return _master;\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n modifier onlyOwner()\n {\n require(isOwner());\n _;\n }\n\n modifier onlyMaster()\n {\n require(isMaster() || isOwner());\n _;\n }\n\n modifier onlyWhenNotStopped()\n {\n require(!isStopped());\n _;\n }\n\n function isOwner() public view returns (bool)\n {\n return msg.sender == _owner;\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function isMaster() public view returns (bool)\n {\n return msg.sender == _master;\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n function transferOwnership(address newOwner) external onlyOwner\n {\n _transferOwnership(newOwner);\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function 
buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n function transferMasterRole(address newMaster) external onlyOwner\n {\n _transferMasterRole(newMaster);\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n function isStopped() public view returns (bool)\n {\n return stopped;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function stop() public onlyOwner\n {\n _stop();\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function start() public onlyOwner\n {\n _start();\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function _transferOwnership(address newOwner) internal\n {\n require(newOwner != address(0));\n emit OwnershipTransferred(_owner, newOwner);\n _owner = newOwner;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function _transferMasterRole(address newMaster) internal\n {\n require(newMaster != address(0));\n emit MasterRoleTransferred(_master, newMaster);\n _master = newMaster;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function _stop() internal\n {\n emit Stopped();\n stopped = true;\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function _start() internal\n {\n emit Started();\n stopped = false;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n}\n\ncontract ChannelWallet is Ownable\n{\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n mapping(string => address) private addressMap;\n\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event SetAddress(string channelId, address _address);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event UpdateAddress(string from, string to);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event DeleteAddress(string account);\n\n function version() external pure returns(string memory)\n {\n return '0.0.1';\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function getAddress(string calldata channelId) external view returns (address)\n {\n return addressMap[channelId];\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function setAddress(string calldata channelId, address _address) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(channelId).length > 0);\n\n addressMap[channelId] = _address;\n\n emit SetAddress(channelId, _address);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function updateChannel(string calldata from, string calldata to, address _address) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(from).length > 0);\n require(bytes(to).length > 0);\n require(addressMap[to] == address(0));\n\n addressMap[to] = _address;\n\n addressMap[from] = address(0);\n\n emit UpdateAddress(from, to);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function deleteChannel(string calldata channelId) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(channelId).length > 0);\n\n addressMap[channelId] = address(0);\n\n emit DeleteAddress(channelId);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n}"
+ },
+ {
+ "contract": "buggy_39.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-26\n*/\n\npragma solidity ^0.5.10;\n\ncontract TAMCContract {\n uint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n 
require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n mapping (address => uint256) public balanceOf;\n\n address payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n string public name = \"TAMC\";\n mapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n string public symbol = \"TAMC\";\n mapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n uint8 public decimals = 18;\n uint256 public totalSupply = 1000000000 * (uint256(10) ** decimals);\n\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n constructor() public {\n balanceOf[msg.sender] = totalSupply;\n emit Transfer(address(0), msg.sender, totalSupply);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function transfer(address to, uint256 value) public returns (bool success) {\n require(balanceOf[msg.sender] >= value);\n balanceOf[msg.sender] -= value;\n balanceOf[to] += value;\n emit Transfer(msg.sender, to, value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n mapping(address => mapping(address => uint256)) public allowance;\n\n function approve(address spender, uint256 value)\n public\n returns (bool success)\n {\n allowance[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n function transferFrom(address from, address to, uint256 value)\n public\n returns (bool success)\n {\n require(value <= balanceOf[from]);\n require(value <= allowance[from][msg.sender]);\n\n balanceOf[from] -= value;\n balanceOf[to] += value;\n allowance[from][msg.sender] -= value;\n emit Transfer(from, to, value);\n return true;\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_45.sol",
+ "label": "reentrancy",
+ "code": "\t/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\ncontract StockBet {\n \n mapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n event GameCreated(uint bet);\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n event GameOpened(uint256 initialPrice);\n uint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event GameClosed();\n mapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event OracleSet(address oracle);\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event FinalPriceSet(uint256 finalPrice);\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event PlayerBet(address player, uint guess);\n \n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event PlayersWin(uint result, uint256 splitJackpot);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event OwnerWins(address owner);\n \n enum State {\n SETUP, PRICE_SET, OPEN, CLOSED, PLAYERS_WIN, OWNER_WIN\n }\n\n enum PaidStatus {\n UNDEFINED,\n NOT_PAID,\n PAID\n }\n \n struct Guess {\n mapping (address => PaidStatus) players;\n uint guesses_number;\n }\n \n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n address payable public owner;\n bool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n address public oracle;\n uint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n State public state;\n\n address payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n mapping (uint => Guess) public guesses;\n\n mapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n uint256 public bet;\n uint256 splitJackpot;\n address payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n uint public result;\n mapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n uint256 public initialPrice;\n address payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n uint256 public finalPrice;\n\n mapping(address => 
uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n uint constant UP = 1;\n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n uint constant DOWN = 0;\n \n \n // ----------MODIFIERS--------------------\n modifier byPlayer(){\n require(msg.sender != oracle);\n _;\n }\n \n modifier byOwner(){\n require(msg.sender == owner);\n _;\n }\n \n modifier byOracle(){\n require(msg.sender == oracle);\n _;\n }\n \n modifier inState(State expected) {\n require(state == expected);\n _;\n }\n // -------------------------------------\n\n \n constructor(uint256 _bet) public {\n require(_bet > 0);\n \n owner = msg.sender;\n state = State.SETUP;\n bet = _bet;\n \n emit GameCreated(bet);\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n \n function setOracle(address _oracle) public payable byOwner inState(State.SETUP) {\n oracle = _oracle;\n \n emit OracleSet(oracle);\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n \n function setInitialPrice(uint256 _value) public payable byOracle inState(State.SETUP) {\n initialPrice = _value;\n state = State.OPEN;\n \n emit GameOpened(initialPrice);\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function closeGame() public byOwner inState(State.OPEN){\n state = State.CLOSED;\n\n emit GameClosed();\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n \n function betUp() public payable byPlayer inState(State.OPEN){\n require(msg.value == (bet*0.001 ether));\n\n guesses[UP].guesses_number++;\n guesses[UP].players[msg.sender] = PaidStatus.NOT_PAID;\n\n emit PlayerBet(msg.sender, UP);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n \n function betDown() public payable byPlayer inState(State.OPEN){\n require(msg.value == (bet*0.001 ether));\n\n guesses[DOWN].guesses_number++;\n guesses[DOWN].players[msg.sender] = PaidStatus.NOT_PAID;\n \n emit PlayerBet(msg.sender, DOWN);\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n \n \n function setFinalPrice(uint256 _value) public payable byOracle inState(State.CLOSED) {\n // require(isValidNumber(_result));\n \n finalPrice = _value;\n \n emit FinalPriceSet(finalPrice);\n \n if(finalPrice > initialPrice){\n result = UP;\n }else{\n result = DOWN;\n }\n \n \n if(guesses[result].guesses_number > 0){\n state = State.PLAYERS_WIN;\n splitJackpot = getBalance()/guesses[result].guesses_number;\n emit PlayersWin(result, splitJackpot);\n }else{\n state = State.OWNER_WIN;\n emit OwnerWins(owner);\n }\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n \n function collectOwnerWinnings() public byOwner inState(State.OWNER_WIN){\n selfdestruct(owner);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n \n function collectPlayerWinnings() public byPlayer inState(State.PLAYERS_WIN){\n if(guesses[result].players[msg.sender] == PaidStatus.NOT_PAID){\n guesses[result].players[msg.sender] = PaidStatus.PAID;\n msg.sender.transfer(splitJackpot);\n } else revert();\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function getBalance() private view returns (uint256){\n return address(this).balance;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n \n}\n"
+ },
+ {
+ "contract": "buggy_4.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n\n/**\n * @title PHO token - for Game coin sale\n * @author Willy Lee\n */\n\n\n/**\n * @title ERC20 Standard Interface\n */\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n event Transfer(address indexed from, address indexed to, uint256 value);\n}\n\n\n/**\n * @title Token implementation\n */\ncontract PHO is IERC20 {\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n string public name = \"PHO\";\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n string public symbol = \"PHO\";\n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n uint8 public decimals = 18;\n \n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n uint256 saleAmount;\n mapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n uint256 evtAmount;\n uint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n uint256 teamAmount;\n\n address payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n uint256 _totalSupply;\n uint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n mapping(address => uint256) balances;\n\n address payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n address public owner;\n mapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n address public sale;\n mapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n address public evt;\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n address public team;\n \n modifier isOwner {\n require(owner == msg.sender);\n _;\n }\n \n constructor() public {\n owner = msg.sender;\n sale = 0x071F73f4D0befd4406901AACE6D5FFD6D297c561;\n evt = 0x76535ca5BF1d33434A302e5A464Df433BB1F80F6;\n team = 
0xD7EC5D8697e4c83Dc33D781d19dc2910fB165D5C;\n\n saleAmount = toWei(1000000000); //1,000,000,000\n evtAmount = toWei(200000000); // 200,000,000\n teamAmount = toWei(800000000); // 800,000,000\n _totalSupply = toWei(2000000000); //2,000,000,000\n\n require(_totalSupply == saleAmount + evtAmount + teamAmount );\n \n balances[owner] = _totalSupply;\n emit Transfer(address(0), owner, balances[owner]);\n \n transfer(sale, saleAmount);\n transfer(evt, evtAmount);\n transfer(team, teamAmount);\n require(balances[owner] == 0);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n \n function totalSupply() public view returns (uint) {\n return _totalSupply;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n function balanceOf(address who) public view returns (uint256) {\n return balances[who];\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n \n function transfer(address to, uint256 value) public returns (bool success) {\n require(msg.sender != to);\n require(value > 0);\n \n require( balances[msg.sender] >= value );\n require( balances[to] + value >= balances[to] );\n\n if(msg.sender == team) {\n require(now >= 1589036400); // 800M lock to 2020-05-10\n if(balances[msg.sender] - value < toWei(600000000))\n require(now >= 1620572400); // 10M lock to 2021-05-10\n if(balances[msg.sender] - value < toWei(400000000))\n require(now >= 1652108400); // 10M lock to 2022-05-10\n if(balances[msg.sender] - value < toWei(200000000))\n require(now >= 1683644400); // 10M lock to 2023-05-10\n }\n\n balances[msg.sender] -= value;\n balances[to] += value;\n\n emit Transfer(msg.sender, to, value);\n return true;\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n \n function burnCoins(uint256 value) public {\n require(balances[msg.sender] >= value);\n require(_totalSupply >= value);\n \n balances[msg.sender] -= value;\n _totalSupply -= value;\n\n emit Transfer(msg.sender, address(0), value);\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n\n\n /** @dev private function\n */\n\n function toWei(uint256 value) private view returns (uint256) {\n return value * (10 ** uint256(decimals));\n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! 
success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n}"
+ },
+ {
+ "contract": "modifier_reentrancy.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/reentracy/modifier_reentrancy.sol\n * @author: - \n * @vulnerable_at_lines: 15\n */\n\npragma solidity ^0.4.24;\n\ncontract ModifierEntrancy {\n mapping (address => uint) public tokenBalance;\n string constant name = \"Nu Token\";\n\n //If a contract has a zero balance and supports the token give them some token\n // REENTRANCY\n function airDrop() hasNoBalance supportsToken public{\n tokenBalance[msg.sender] += 20;\n }\n\n //Checks that the contract responds the way we want\n modifier supportsToken() {\n require(keccak256(abi.encodePacked(\"Nu Token\")) == Bank(msg.sender).supportsToken());\n _;\n }\n //Checks that the caller has a zero balance\n modifier hasNoBalance {\n require(tokenBalance[msg.sender] == 0);\n _;\n }\n}\n\ncontract Bank{\n function supportsToken() external pure returns(bytes32){\n return(keccak256(abi.encodePacked(\"Nu Token\")));\n }\n}\n\ncontract attack{ //An example of a contract that breaks the contract above.\n bool hasBeenCalled;\n function supportsToken() external returns(bytes32){\n if(!hasBeenCalled){\n hasBeenCalled = true;\n ModifierEntrancy(msg.sender).airDrop();\n }\n return(keccak256(abi.encodePacked(\"Nu Token\")));\n }\n function call(address token) public{\n ModifierEntrancy(token).airDrop();\n }\n}\n"
+ },
+ {
+ "contract": "buggy_24.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\n// File: contracts/zeppelin/SafeMath.sol\n\npragma solidity ^0.5.1;\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. 
This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n return sub(a, b, \"SafeMath: subtraction overflow\");\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n *\n * NOTE: This is a feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b <= a, errorMessage);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure 
returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n return div(a, b, \"SafeMath: division by zero\");\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n\n * NOTE: This is a feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, errorMessage);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. 
This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n return mod(a, b, \"SafeMath: modulo by zero\");\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts with custom message when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n *\n * NOTE: This is a feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b != 0, errorMessage);\n return a % b;\n }\n}\n\n// File: contracts/App.sol\n\npragma solidity ^0.5.0;\n\n\n\ncontract FomoFeast {\n\n /**\n * MATH\n */\n\n using SafeMath for uint256;\n\n struct User {\n uint256 totalInvestCount;\n uint256 totalInvestAmount;\n uint256 totalStaticCommissionWithdrawAmount;\n uint256 totalDynamicCommissionWithdrawAmount;\n uint256 totalWithdrawAmount;\n uint256 downlineCount;\n uint256 nodeCount;\n uint256 totalDownlineInvestAmount;\n uint256 currentInvestTime;\n uint256 currentInvestAmount;\n uint256 currentInvestCycle;\n uint256 currentlevel;\n uint256 currentStaticCommissionRatio;\n uint256 currentStaticCommissionWithdrawAmount;\n uint256 staticCommissionBalance;\n uint256 dynamicCommissionBalance;\n uint256 calcDynamicCommissionAmount;\n address sponsorAddress;\n }\n\n struct InvestRecord {\n uint256 time;\n uint256 amount;\n uint256 cycle;\n }\n\n struct CommissionRecord {\n uint256 time;\n uint256 amount;\n }\n\n /**\n 
* DATA\n */\n\n uint256 private constant ONE_ETH = 1 ether;\n uint256 private constant ONE_DAY = 1 days;\n address private constant GENESIS_USER_ADDRESS = 0xe00d13D53Ba180EAD5F4838BD56b15629026A8C9;\n address private constant ENGINEER_ADDRESS = 0xddf0bB01f81059CCdB3D5bF5b1C7Bd540aDDFEac;\n\n // INITIALIZATION DATA\n bool private initialized = false;\n\n // OWNER DATA\n address public owner;\n\n mapping(address => uint) redeemableEther_re_ent18;\nfunction claimReward_re_ent18() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent18[msg.sender] > 0);\n uint transferValue_re_ent18 = redeemableEther_re_ent18[msg.sender];\n msg.sender.transfer(transferValue_re_ent18); //bug\n redeemableEther_re_ent18[msg.sender] = 0;\n }\n uint256 public totalInvestCount;\n mapping(address => uint) balances_re_ent29;\n function withdraw_balances_re_ent29 () public {\n if (msg.sender.send(balances_re_ent29[msg.sender ]))\n balances_re_ent29[msg.sender] = 0;\n }\n uint256 public totalInvestAmount;\n bool not_called_re_ent6 = true;\nfunction bug_re_ent6() public{\n require(not_called_re_ent6);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent6 = false;\n }\n uint256 public totalStaticCommissionWithdrawAmount;\n address payable lastPlayer_re_ent16;\n uint jackpot_re_ent16;\n\t function buyTicket_re_ent16() public{\n\t if (!(lastPlayer_re_ent16.send(jackpot_re_ent16)))\n revert();\n lastPlayer_re_ent16 = msg.sender;\n jackpot_re_ent16 = address(this).balance;\n }\n uint256 public totalDynamicCommissionWithdrawAmount;\n mapping(address => uint) balances_re_ent24;\nfunction withdrawFunds_re_ent24 (uint256 _weiToWithdraw) public {\n require(balances_re_ent24[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent24[msg.sender] -= _weiToWithdraw;\n }\n uint256 public totalWithdrawAmount;\n mapping(address => uint) userBalance_re_ent5;\nfunction withdrawBalance_re_ent5() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent5[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent5[msg.sender] = 0;\n }\n uint256 public totalUserCount;\n mapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n uint256 public engineerFunds;\n uint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n uint256 public engineerWithdrawAmount;\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n uint256 public operatorFunds;\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n uint256 public operatorWithdrawAmount;\n\n mapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n mapping (address => User) private userMapping;\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n mapping (uint256 => address) private addressMapping;\n mapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n mapping (address => InvestRecord[9]) private investRecordMapping;\n mapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n mapping (address => CommissionRecord[9]) private staticCommissionRecordMapping;\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n mapping (address => CommissionRecord[9]) private dynamicCommissionRecordMapping;\n\n /**\n * FUNCTIONALITY\n */\n\n // INITIALIZATION FUNCTIONALITY\n\n /**\n * 
@dev sets 0 initials tokens, the owner, and the supplyController.\n * this serves as the constructor for the proxy but compiles to the\n * memory model of the Implementation contract.\n */\n function initialize() public {\n require(!initialized, \"already initialized\");\n owner = msg.sender;\n userMapping[GENESIS_USER_ADDRESS] = User(1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, address(0));\n initialized = true;\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n\n /**\n * The constructor is used here to ensure that the implementation\n * contract is initialized. An uncontrolled implementation\n * contract might lead to misleading state\n * for users who accidentally interact with it.\n */\n constructor() public {\n initialize();\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n // OWNER FUNCTIONALITY\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner, \"onlyOwner\");\n _;\n }\n\n modifier onlyEngineer() {\n require(msg.sender == ENGINEER_ADDRESS, \"onlyEngineer\");\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0), \"cannot transfer ownership to address zero\");\n owner = newOwner;\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n function getLevelByInvestAmount(uint256 investAmount) 
private pure returns (uint256 level) {\n if (investAmount >= ONE_ETH.mul(11)) {\n level = 3;\n } else if (investAmount >= ONE_ETH.mul(6)) {\n level = 2;\n } else {\n level = 1;\n }\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n function isInvestExpired(User memory user) private view returns (bool expired) {\n expired = (user.currentInvestTime.add(user.currentInvestCycle.mul(ONE_DAY)) < now);\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function getAbortInvestAmount(User memory user) private view returns (uint256 amount) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n require(commissionDays >= 3, \"Invest time must >= 3days\");\n uint256 lossRatio = 15;\n if (commissionDays >= 60) {\n lossRatio = 5;\n } else if (commissionDays >= 30) {\n lossRatio = 10;\n }\n amount = user.currentInvestAmount;\n amount = amount.sub(user.currentInvestAmount.mul(lossRatio).div(100));\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n function getStaticCommissionRatio(uint256 level, uint256 investCycle) private pure returns (uint256 ratio) {\n if (level == 1) {\n if (investCycle == 30) {\n ratio = 7;\n } else if(investCycle == 60) {\n ratio = 8;\n } else 
{\n ratio = 9;\n }\n } else if (level == 2) {\n if (investCycle == 30) {\n ratio = 8;\n } else if(investCycle == 60) {\n ratio = 9;\n } else {\n ratio = 10;\n }\n } else {\n if (investCycle == 30) {\n ratio = 11;\n } else if(investCycle == 60) {\n ratio = 12;\n } else {\n ratio = 13;\n }\n }\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n\n function getDynamicCommissionRatio(User memory user, uint256 depth) private pure returns (uint256 ratio) {\n if (user.currentlevel == 1) {\n if (depth == 1) {\n ratio = 50;\n } else {\n ratio = 0;\n }\n } else if (user.currentlevel == 2) {\n if (depth == 1) {\n ratio = 70;\n } else if (depth == 2) {\n ratio = 50;\n } else {\n ratio = 0;\n }\n } else {\n if (depth == 1) {\n ratio = 100;\n } else if (depth == 2) {\n ratio = 70;\n } else if (depth == 3) {\n ratio = 50;\n } else if (depth >= 4 && depth <= 10) {\n ratio = 10;\n } else if (depth >= 11 && depth <= 20) {\n ratio = 5;\n } else {\n ratio = 1;\n }\n }\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n function getAvaliableStaticCommissionAmount(User memory user) private view returns (uint256 amount) {\n if (user.currentInvestAmount == 0) {\n amount = 0;\n } else {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays > user.currentInvestCycle) {\n commissionDays = user.currentInvestCycle;\n }\n amount = 
user.currentInvestAmount.mul(user.currentStaticCommissionRatio).mul(commissionDays);\n amount = amount.div(1000);\n amount = amount.sub(user.currentStaticCommissionWithdrawAmount);\n }\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function addInvestRecord(address userAddress, uint256 time, uint256 amount, uint256 cycle) private {\n InvestRecord[9] storage records = investRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n InvestRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = InvestRecord(time, amount, cycle);\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function addStaticCommissionRecord(address userAddress, uint256 time, uint256 amount) private {\n CommissionRecord[9] storage records = staticCommissionRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n CommissionRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = CommissionRecord(time, amount);\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function addDynamicCommissionRecord(address userAddress, uint256 time, uint256 amount) private {\n CommissionRecord[9] storage records = dynamicCommissionRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n CommissionRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = CommissionRecord(time, amount);\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function invest(address sponsorAddress, uint256 investCycle) external payable {\n User storage sponsor = userMapping[sponsorAddress];\n require(sponsor.totalInvestCount > 0, \"Invalid sponsor address\");\n require(investCycle == 30 || investCycle == 60 || investCycle == 90, \"Invalid invest cycle\");\n uint256 investAmount = msg.value.div(ONE_ETH);\n investAmount = investAmount.mul(ONE_ETH);\n require(investAmount == msg.value, \"Invest amount is not integer\");\n require(investAmount >= ONE_ETH.mul(1) && investAmount <= ONE_ETH.mul(15), \"Invalid invest amount\");\n\n User memory user = userMapping[msg.sender];\n uint256 level = getLevelByInvestAmount(investAmount);\n if (user.totalInvestCount > 0) {\n require(user.sponsorAddress == sponsorAddress, \"sponsor address is inconsistent\");\n require(user.currentInvestAmount == 0, \"Dumplicate invest\");\n require(user.currentInvestTime == 0, \"Invalid state\");\n require(user.currentInvestCycle == 0, \"Invalid state\");\n require(user.currentlevel == 0, \"Invalid state\");\n require(user.currentStaticCommissionRatio == 0, \"Invalid state\");\n require(user.currentStaticCommissionWithdrawAmount == 0, \"Invalid state\");\n 
user.totalInvestCount = user.totalInvestCount.add(1);\n user.totalInvestAmount = user.totalInvestAmount.add(investAmount);\n user.currentInvestTime = now;\n user.currentInvestAmount = investAmount;\n user.currentInvestCycle = investCycle;\n user.currentlevel = level;\n user.currentStaticCommissionRatio = getStaticCommissionRatio(level, investCycle);\n userMapping[msg.sender] = user;\n address addressWalker = sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n sponsor = userMapping[addressWalker];\n sponsor.totalDownlineInvestAmount = sponsor.totalDownlineInvestAmount.add(investAmount);\n addressWalker = sponsor.sponsorAddress;\n }\n } else {\n userMapping[msg.sender] = User(1, investAmount, 0, 0, 0, 1, 0, investAmount,\n now, investAmount, investCycle, level,\n getStaticCommissionRatio(level, investCycle),\n 0, 0, 0, 0, sponsorAddress);\n addressMapping[totalUserCount] = msg.sender;\n totalUserCount = totalUserCount.add(1);\n address addressWalker = sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n sponsor = userMapping[addressWalker];\n sponsor.downlineCount = sponsor.downlineCount.add(1);\n if (addressWalker == sponsorAddress) {\n sponsor.nodeCount = sponsor.nodeCount.add(1);\n }\n sponsor.totalDownlineInvestAmount = sponsor.totalDownlineInvestAmount.add(investAmount);\n addressWalker = sponsor.sponsorAddress;\n }\n }\n\n addInvestRecord(msg.sender, now, investAmount, investCycle);\n totalInvestCount = totalInvestCount.add(1);\n totalInvestAmount = totalInvestAmount.add(investAmount);\n engineerFunds = engineerFunds.add(investAmount.div(50));\n operatorFunds = operatorFunds.add(investAmount.mul(3).div(100));\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function 
userWithdraw() external {\n User storage user = userMapping[msg.sender];\n if (user.currentInvestAmount > 0) {\n uint256 avaliableIA = user.currentInvestAmount;\n if (!isInvestExpired(user)) {\n avaliableIA = getAbortInvestAmount(user);\n }\n uint256 avaliableSCA = getAvaliableStaticCommissionAmount(user);\n user.staticCommissionBalance = user.staticCommissionBalance.add(avaliableSCA);\n user.currentInvestTime = 0;\n user.currentInvestAmount = 0;\n user.currentInvestCycle = 0;\n user.currentlevel = 0;\n user.currentStaticCommissionRatio = 0;\n user.currentStaticCommissionWithdrawAmount = 0;\n user.totalWithdrawAmount = user.totalWithdrawAmount.add(avaliableIA);\n totalWithdrawAmount = totalWithdrawAmount.add(avaliableIA);\n msg.sender.transfer(avaliableIA);\n }\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function userWithdrawCommission() external {\n User storage user = userMapping[msg.sender];\n uint256 avaliableDCB = user.dynamicCommissionBalance;\n uint256 avaliableSCA = getAvaliableStaticCommissionAmount(user);\n uint256 avaliableSCB = user.staticCommissionBalance.add(avaliableSCA);\n uint256 avaliableWithdrawAmount = avaliableDCB.add(avaliableSCB);\n if (avaliableWithdrawAmount >= ONE_ETH.div(10)) {\n user.staticCommissionBalance = 0;\n user.dynamicCommissionBalance = 0;\n user.currentStaticCommissionWithdrawAmount = user.currentStaticCommissionWithdrawAmount.add(avaliableSCA);\n user.totalStaticCommissionWithdrawAmount = user.totalStaticCommissionWithdrawAmount.add(avaliableSCB);\n user.totalDynamicCommissionWithdrawAmount = user.totalDynamicCommissionWithdrawAmount.add(avaliableDCB);\n user.totalWithdrawAmount = 
user.totalWithdrawAmount.add(avaliableWithdrawAmount);\n totalStaticCommissionWithdrawAmount = totalStaticCommissionWithdrawAmount.add(avaliableSCB);\n totalDynamicCommissionWithdrawAmount = totalDynamicCommissionWithdrawAmount.add(avaliableDCB);\n totalWithdrawAmount = totalWithdrawAmount.add(avaliableWithdrawAmount);\n if (avaliableSCB > 0) {\n addStaticCommissionRecord(msg.sender, now, avaliableSCB);\n }\n msg.sender.transfer(avaliableWithdrawAmount);\n }\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function engineerWithdraw() external onlyEngineer {\n uint256 avaliableAmount = engineerFunds;\n if (avaliableAmount > 0) {\n engineerFunds = 0;\n engineerWithdrawAmount = engineerWithdrawAmount.add(avaliableAmount);\n msg.sender.transfer(avaliableAmount);\n }\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function operatorWithdraw() external onlyOwner {\n uint256 avaliableAmount = operatorFunds;\n if (avaliableAmount > 0) {\n operatorFunds = 0;\n operatorWithdrawAmount = operatorWithdrawAmount.add(avaliableAmount);\n msg.sender.transfer(avaliableAmount);\n }\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function getSummary() public view returns (uint256[11] memory) {\n return ([address(this).balance, totalInvestCount, totalInvestAmount,\n totalStaticCommissionWithdrawAmount,\n totalDynamicCommissionWithdrawAmount,\n totalWithdrawAmount,\n totalUserCount,\n engineerFunds, engineerWithdrawAmount,\n operatorFunds, operatorWithdrawAmount]);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function getUserByAddress(address userAddress) public view returns(uint256[16] memory,\n address) {\n User memory user = userMapping[userAddress];\n return ([user.totalInvestCount, user.totalInvestAmount,\n user.totalStaticCommissionWithdrawAmount,\n user.totalDynamicCommissionWithdrawAmount,\n user.totalWithdrawAmount,\n user.downlineCount, user.nodeCount,\n user.totalDownlineInvestAmount,\n user.currentInvestTime, user.currentInvestAmount,\n user.currentInvestCycle, user.currentlevel,\n user.currentStaticCommissionRatio,\n user.staticCommissionBalance.add(getAvaliableStaticCommissionAmount(user)),\n user.dynamicCommissionBalance,\n user.calcDynamicCommissionAmount],\n user.sponsorAddress);\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function getUserByIndex(uint256 index) external view onlyOwner returns(uint256[16] memory,\n address) {\n return getUserByAddress(addressMapping[index]);\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = 
redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function getInvestRecords(address userAddress) external view returns(uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory) {\n InvestRecord[9] memory records = investRecordMapping[userAddress];\n return ([records[0].time, records[0].amount, records[0].cycle],\n [records[1].time, records[1].amount, records[1].cycle],\n [records[2].time, records[2].amount, records[2].cycle],\n [records[3].time, records[3].amount, records[3].cycle],\n [records[4].time, records[4].amount, records[4].cycle],\n [records[5].time, records[5].amount, records[5].cycle],\n [records[6].time, records[6].amount, records[6].cycle],\n [records[7].time, records[7].amount, records[7].cycle],\n [records[8].time, records[8].amount, records[8].cycle]);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n function getStaticCommissionRecords(address userAddress) external view returns(uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory) {\n CommissionRecord[9] memory records = staticCommissionRecordMapping[userAddress];\n return ([records[0].time, records[0].amount],\n [records[1].time, records[1].amount],\n [records[2].time, records[2].amount],\n [records[3].time, records[3].amount],\n [records[4].time, records[4].amount],\n [records[5].time, records[5].amount],\n [records[6].time, records[6].amount],\n [records[7].time, records[7].amount],\n [records[8].time, records[8].amount]);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n 
require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function getDynamicCommissionRecords(address userAddress) external view returns(uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory) {\n CommissionRecord[9] memory records = dynamicCommissionRecordMapping[userAddress];\n return ([records[0].time, records[0].amount],\n [records[1].time, records[1].amount],\n [records[2].time, records[2].amount],\n [records[3].time, records[3].amount],\n [records[4].time, records[4].amount],\n [records[5].time, records[5].amount],\n [records[6].time, records[6].amount],\n [records[7].time, records[7].amount],\n [records[8].time, records[8].amount]);\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n function calcDynamicCommission() external onlyOwner {\n for (uint256 i = 0; i < totalUserCount; ++i) {\n User storage user = userMapping[addressMapping[i]];\n user.calcDynamicCommissionAmount = 0;\n }\n\n for (uint256 i = 0; i < totalUserCount; ++i) {\n User memory user = userMapping[addressMapping[i]];\n if (user.currentInvestAmount > 0) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays >= 1 && commissionDays <= user.currentInvestCycle) {\n uint256 depth = 1;\n address addressWalker = user.sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n User storage sponsor = userMapping[addressWalker];\n if (sponsor.currentInvestAmount > 0) {\n uint256 dynamicCommissionRatio = getDynamicCommissionRatio(sponsor, depth);\n if (dynamicCommissionRatio > 0) {\n uint256 dynamicCA = sponsor.currentInvestAmount;\n if (dynamicCA > user.currentInvestAmount) {\n dynamicCA = user.currentInvestAmount;\n }\n dynamicCA = dynamicCA.mul(user.currentStaticCommissionRatio);\n dynamicCA = dynamicCA.mul(dynamicCommissionRatio);\n if (sponsor.currentlevel == 1) {\n dynamicCA = dynamicCA.mul(3).div(1000 * 100 * 10);\n } else if (sponsor.currentlevel == 2) {\n dynamicCA = dynamicCA.mul(6).div(1000 * 100 * 10);\n } else {\n dynamicCA = dynamicCA.div(1000 * 100);\n }\n sponsor.calcDynamicCommissionAmount = sponsor.calcDynamicCommissionAmount.add(dynamicCA);\n }\n }\n addressWalker = sponsor.sponsorAddress;\n depth = depth.add(1);\n }\n }\n }\n }\n\n for (uint256 i = 0; i < totalUserCount; ++i) {\n address userAddress = addressMapping[i];\n User storage user = userMapping[userAddress];\n if (user.calcDynamicCommissionAmount > 0) {\n user.dynamicCommissionBalance = user.dynamicCommissionBalance.add(user.calcDynamicCommissionAmount);\n addDynamicCommissionRecord(userAddress, now, user.calcDynamicCommissionAmount);\n }\n }\n }\nmapping(address => uint) 
userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n function calcDynamicCommissionBegin(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n User storage user = userMapping[addressMapping[i]];\n user.calcDynamicCommissionAmount = 0;\n }\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n\n function calcDynamicCommissionRange(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n User memory user = userMapping[addressMapping[i]];\n if (user.currentInvestAmount > 0) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays >= 1 && commissionDays <= user.currentInvestCycle) {\n uint256 depth = 1;\n address addressWalker = user.sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n User storage sponsor = userMapping[addressWalker];\n if (sponsor.currentInvestAmount > 0) {\n uint256 dynamicCommissionRatio = getDynamicCommissionRatio(sponsor, depth);\n if (dynamicCommissionRatio > 0) {\n uint256 dynamicCA = sponsor.currentInvestAmount;\n if (dynamicCA > user.currentInvestAmount) {\n dynamicCA = user.currentInvestAmount;\n }\n dynamicCA = dynamicCA.mul(user.currentStaticCommissionRatio);\n dynamicCA = dynamicCA.mul(dynamicCommissionRatio);\n if (sponsor.currentlevel == 1) {\n dynamicCA = dynamicCA.mul(3).div(1000 * 100 * 10);\n } else if (sponsor.currentlevel == 2) {\n dynamicCA = dynamicCA.mul(6).div(1000 * 100 * 10);\n } else {\n dynamicCA = dynamicCA.div(1000 * 100);\n }\n 
sponsor.calcDynamicCommissionAmount = sponsor.calcDynamicCommissionAmount.add(dynamicCA);\n }\n }\n addressWalker = sponsor.sponsorAddress;\n depth = depth.add(1);\n }\n }\n }\n }\n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n\n function calcDynamicCommissionEnd(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n address userAddress = addressMapping[i];\n User storage user = userMapping[userAddress];\n if (user.calcDynamicCommissionAmount > 0) {\n user.dynamicCommissionBalance = user.dynamicCommissionBalance.add(user.calcDynamicCommissionAmount);\n addDynamicCommissionRecord(userAddress, now, user.calcDynamicCommissionAmount);\n }\n }\n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_19.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-28\n*/\n\npragma solidity ^0.5.1;\n\n/**\n * @title SafeMath\n * @dev Math operations with safety checks that throw on error\n */\nlibrary SafeMath {\n\n /**\n * @dev Multiplies two numbers, throws on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n /**\n * @dev Integer division of two numbers, truncating the quotient.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n /**\n * @dev Substracts two numbers, throws on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n /**\n * @dev Adds two numbers, throws on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n}\n\n/**\n * @title owned\n * @dev The owned contract has an owner address, and provides basic authorization\n * control functions, this simplifies the implementation of \"user permissions\".\n */\ncontract owned {\n mapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n address public owner;\n /**\n * @dev The owned constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor() public {\n owner = msg.sender;\n }\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n */\n function transferOwnership(address newOwner) onlyOwner public {\n require(newOwner != address(0));\n owner = newOwner;\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n}\n\ncontract ethBank is owned{\n \n function () payable external {}\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n \n function withdrawForUser(address payable _address,uint amount) onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\");\n _address.transfer(amount);\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n function moveBrick(uint amount) onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(amount);\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n \n /**\n * @dev withdraws Contracts balance.\n * -functionhash- 0x7ee20df8\n */\n function moveBrickContracts() onlyOwner public\n {\n // only team just can withdraw Contracts\n require(msg.sender == owner, \"only owner can use this method\"); \n \n msg.sender.transfer(address(this).balance);\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n // either 
settled or refunded. All funds are transferred to contract owner.\n function moveBrickClear() onlyOwner public {\n // only team just can destruct\n require(msg.sender == owner, \"only owner can use this method\"); \n\n selfdestruct(msg.sender);\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n \n \n \n ////////////////////////////////////////////////////////////////////\n \n function joinFlexible() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n function joinFixed() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n function staticBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n function activeBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n function teamAddBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n function staticBonusCacl() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= 
_weiToWithdraw;\n }\n function activeBonusCacl_1() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n function activeBonusCacl_2() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n function activeBonusCacl_3() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n function activeBonusCacl_4() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n function activeBonusCacl_5() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n function activeBonusCacl_6() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n function activeBonusCacl_7() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n function activeBonusCacl_8() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n function activeBonusCacl_9() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nuint256 counter_re_ent35 
=0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n function teamAddBonusCacl() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n function caclTeamPerformance() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n function releaStaticBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n function releaActiveBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n function releaTeamAddBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n}\n"
+ },
+ {
+ "contract": "spank_chain_payment.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/reentrancy/SpankChain_source_code/SpankChain_Payment.sol\n * @author: -\n * @vulnerable_at_lines: 426,430\n */\n\n // https://etherscan.io/address/0xf91546835f756da0c10cfa0cda95b15577b84aa7#code\n\n pragma solidity ^0.4.23;\n // produced by the Solididy File Flattener (c) David Appleton 2018\n // contact : dave@akomba.com\n // released under Apache 2.0 licence\n contract Token {\n /* This is a slight change to the ERC20 base standard.\n function totalSupply() constant returns (uint256 supply);\n is replaced with:\n uint256 public totalSupply;\n This automatically creates a getter function for the totalSupply.\n This is moved to the base contract since public getter functions are not\n currently recognised as an implementation of the matching abstract\n function by the compiler.\n */\n /// total amount of tokens\n uint256 public totalSupply;\n\n /// @param _owner 
The address from which the balance will be retrieved\n /// @return The balance\n function balanceOf(address _owner) public constant returns (uint256 balance);\n\n /// @notice send `_value` token to `_to` from `msg.sender`\n /// @param _to The address of the recipient\n /// @param _value The amount of token to be transferred\n /// @return Whether the transfer was successful or not\n function transfer(address _to, uint256 _value) public returns (bool success);\n\n /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from`\n /// @param _from The address of the sender\n /// @param _to The address of the recipient\n /// @param _value The amount of token to be transferred\n /// @return Whether the transfer was successful or not\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\n\n /// @notice `msg.sender` approves `_spender` to spend `_value` tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @param _value The amount of tokens to be approved for transfer\n /// @return Whether the approval was successful or not\n function approve(address _spender, uint256 _value) public returns (bool success);\n\n /// @param _owner The address of the account owning tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @return Amount of remaining tokens allowed to spent\n function allowance(address _owner, address _spender) public constant returns (uint256 remaining);\n\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n }\n\n library ECTools {\n\n // @dev Recovers the address which has signed a message\n // @thanks https://gist.github.com/axic/5b33912c6f61ae6fd96d6c4a47afde6d\n function recoverSigner(bytes32 _hashedMsg, string _sig) public pure returns (address) {\n require(_hashedMsg != 0x00);\n\n // need this for test 
RPC\n bytes memory prefix = \"\\x19Ethereum Signed Message:\\n32\";\n bytes32 prefixedHash = keccak256(abi.encodePacked(prefix, _hashedMsg));\n\n if (bytes(_sig).length != 132) {\n return 0x0;\n }\n bytes32 r;\n bytes32 s;\n uint8 v;\n bytes memory sig = hexstrToBytes(substring(_sig, 2, 132));\n assembly {\n r := mload(add(sig, 32))\n s := mload(add(sig, 64))\n v := byte(0, mload(add(sig, 96)))\n }\n if (v < 27) {\n v += 27;\n }\n if (v < 27 || v > 28) {\n return 0x0;\n }\n return ecrecover(prefixedHash, v, r, s);\n }\n\n // @dev Verifies if the message is signed by an address\n function isSignedBy(bytes32 _hashedMsg, string _sig, address _addr) public pure returns (bool) {\n require(_addr != 0x0);\n\n return _addr == recoverSigner(_hashedMsg, _sig);\n }\n\n // @dev Converts an hexstring to bytes\n function hexstrToBytes(string _hexstr) public pure returns (bytes) {\n uint len = bytes(_hexstr).length;\n require(len % 2 == 0);\n\n bytes memory bstr = bytes(new string(len / 2));\n uint k = 0;\n string memory s;\n string memory r;\n for (uint i = 0; i < len; i += 2) {\n s = substring(_hexstr, i, i + 1);\n r = substring(_hexstr, i + 1, i + 2);\n uint p = parseInt16Char(s) * 16 + parseInt16Char(r);\n bstr[k++] = uintToBytes32(p)[31];\n }\n return bstr;\n }\n\n // @dev Parses a hexchar, like 'a', and returns its hex value, in this case 10\n function parseInt16Char(string _char) public pure returns (uint) {\n bytes memory bresult = bytes(_char);\n // bool decimals = false;\n if ((bresult[0] >= 48) && (bresult[0] <= 57)) {\n return uint(bresult[0]) - 48;\n } else if ((bresult[0] >= 65) && (bresult[0] <= 70)) {\n return uint(bresult[0]) - 55;\n } else if ((bresult[0] >= 97) && (bresult[0] <= 102)) {\n return uint(bresult[0]) - 87;\n } else {\n revert();\n }\n }\n\n // @dev Converts a uint to a bytes32\n // @thanks https://ethereum.stackexchange.com/questions/4170/how-to-convert-a-uint-to-bytes-in-solidity\n function uintToBytes32(uint _uint) public pure returns (bytes b) 
{\n b = new bytes(32);\n assembly {mstore(add(b, 32), _uint)}\n }\n\n // @dev Hashes the signed message\n // @ref https://github.com/ethereum/go-ethereum/issues/3731#issuecomment-293866868\n function toEthereumSignedMessage(string _msg) public pure returns (bytes32) {\n uint len = bytes(_msg).length;\n require(len > 0);\n bytes memory prefix = \"\\x19Ethereum Signed Message:\\n\";\n return keccak256(abi.encodePacked(prefix, uintToString(len), _msg));\n }\n\n // @dev Converts a uint in a string\n function uintToString(uint _uint) public pure returns (string str) {\n uint len = 0;\n uint m = _uint + 0;\n while (m != 0) {\n len++;\n m /= 10;\n }\n bytes memory b = new bytes(len);\n uint i = len - 1;\n while (_uint != 0) {\n uint remainder = _uint % 10;\n _uint = _uint / 10;\n b[i--] = byte(48 + remainder);\n }\n str = string(b);\n }\n\n\n // @dev extract a substring\n // @thanks https://ethereum.stackexchange.com/questions/31457/substring-in-solidity\n function substring(string _str, uint _startIndex, uint _endIndex) public pure returns (string) {\n bytes memory strBytes = bytes(_str);\n require(_startIndex <= _endIndex);\n require(_startIndex >= 0);\n require(_endIndex <= strBytes.length);\n\n bytes memory result = new bytes(_endIndex - _startIndex);\n for (uint i = _startIndex; i < _endIndex; i++) {\n result[i - _startIndex] = strBytes[i];\n }\n return string(result);\n }\n }\n contract StandardToken is Token {\n\n function transfer(address _to, uint256 _value) public returns (bool success) {\n //Default assumes totalSupply can't be over max (2^256 - 1).\n //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap.\n //Replace the if with this one instead.\n //require(balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]);\n require(balances[msg.sender] >= _value);\n balances[msg.sender] -= _value;\n balances[_to] += _value;\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\n\n 
function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n //same as above. Replace this line with the following if you want to protect against wrapping uints.\n //require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]);\n require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value);\n balances[_to] += _value;\n balances[_from] -= _value;\n allowed[_from][msg.sender] -= _value;\n emit Transfer(_from, _to, _value);\n return true;\n }\n\n function balanceOf(address _owner) public constant returns (uint256 balance) {\n return balances[_owner];\n }\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\n\n function allowance(address _owner, address _spender) public constant returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\n\n mapping (address => uint256) balances;\n mapping (address => mapping (address => uint256)) allowed;\n }\n\n contract HumanStandardToken is StandardToken {\n\n /* Public variables of the token */\n\n /*\n NOTE:\n The following variables are OPTIONAL vanities. One does not have to include them.\n They allow one to customise the token contract & in no way influences the core functionality.\n Some wallets/interfaces might not even bother to look at this information.\n */\n string public name; //fancy name: eg Simon Bucks\n uint8 public decimals; //How many decimals to show. ie. There could 1000 base units with 3 decimals. Meaning 0.980 SBX = 980 base units. It's like comparing 1 wei to 1 ether.\n string public symbol; //An identifier: eg SBX\n string public version = 'H0.1'; //human 0.1 standard. 
Just an arbitrary versioning scheme.\n\n constructor(\n uint256 _initialAmount,\n string _tokenName,\n uint8 _decimalUnits,\n string _tokenSymbol\n ) public {\n balances[msg.sender] = _initialAmount; // Give the creator all initial tokens\n totalSupply = _initialAmount; // Update total supply\n name = _tokenName; // Set the name for display purposes\n decimals = _decimalUnits; // Amount of decimals for display purposes\n symbol = _tokenSymbol; // Set the symbol for display purposes\n }\n\n /* Approves and then calls the receiving contract */\n function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n\n //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this.\n //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData)\n //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead.\n require(_spender.call(bytes4(bytes32(keccak256(\"receiveApproval(address,uint256,address,bytes)\"))), msg.sender, _value, this, _extraData));\n return true;\n }\n }\n\n contract LedgerChannel {\n\n string public constant NAME = \"Ledger Channel\";\n string public constant VERSION = \"0.0.1\";\n\n uint256 public numChannels = 0;\n\n event DidLCOpen (\n bytes32 indexed channelId,\n address indexed partyA,\n address indexed partyI,\n uint256 ethBalanceA,\n address token,\n uint256 tokenBalanceA,\n uint256 LCopenTimeout\n );\n\n event DidLCJoin (\n bytes32 indexed channelId,\n uint256 ethBalanceI,\n uint256 tokenBalanceI\n );\n\n event DidLCDeposit (\n bytes32 indexed channelId,\n address indexed recipient,\n uint256 deposit,\n bool isToken\n );\n\n event DidLCUpdateState (\n bytes32 indexed channelId,\n uint256 sequence,\n uint256 
numOpenVc,\n uint256 ethBalanceA,\n uint256 tokenBalanceA,\n uint256 ethBalanceI,\n uint256 tokenBalanceI,\n bytes32 vcRoot,\n uint256 updateLCtimeout\n );\n\n event DidLCClose (\n bytes32 indexed channelId,\n uint256 sequence,\n uint256 ethBalanceA,\n uint256 tokenBalanceA,\n uint256 ethBalanceI,\n uint256 tokenBalanceI\n );\n\n event DidVCInit (\n bytes32 indexed lcId,\n bytes32 indexed vcId,\n bytes proof,\n uint256 sequence,\n address partyA,\n address partyB,\n uint256 balanceA,\n uint256 balanceB\n );\n\n event DidVCSettle (\n bytes32 indexed lcId,\n bytes32 indexed vcId,\n uint256 updateSeq,\n uint256 updateBalA,\n uint256 updateBalB,\n address challenger,\n uint256 updateVCtimeout\n );\n\n event DidVCClose(\n bytes32 indexed lcId,\n bytes32 indexed vcId,\n uint256 balanceA,\n uint256 balanceB\n );\n\n struct Channel {\n //TODO: figure out if it's better just to split arrays by balances/deposits instead of eth/erc20\n address[2] partyAddresses; // 0: partyA 1: partyI\n uint256[4] ethBalances; // 0: balanceA 1:balanceI 2:depositedA 3:depositedI\n uint256[4] erc20Balances; // 0: balanceA 1:balanceI 2:depositedA 3:depositedI\n uint256[2] initialDeposit; // 0: eth 1: tokens\n uint256 sequence;\n uint256 confirmTime;\n bytes32 VCrootHash;\n uint256 LCopenTimeout;\n uint256 updateLCtimeout; // when update LC times out\n bool isOpen; // true when both parties have joined\n bool isUpdateLCSettling;\n uint256 numOpenVC;\n HumanStandardToken token;\n }\n\n // virtual-channel state\n struct VirtualChannel {\n bool isClose;\n bool isInSettlementState;\n uint256 sequence;\n address challenger; // Initiator of challenge\n uint256 updateVCtimeout; // when update VC times out\n // channel state\n address partyA; // VC participant A\n address partyB; // VC participant B\n address partyI; // LC hub\n uint256[2] ethBalances;\n uint256[2] erc20Balances;\n uint256[2] bond;\n HumanStandardToken token;\n }\n\n mapping(bytes32 => VirtualChannel) public virtualChannels;\n 
mapping(bytes32 => Channel) public Channels;\n\n function createChannel(\n bytes32 _lcID,\n address _partyI,\n uint256 _confirmTime,\n address _token,\n uint256[2] _balances // [eth, token]\n )\n public\n payable\n {\n require(Channels[_lcID].partyAddresses[0] == address(0), \"Channel has already been created.\");\n require(_partyI != 0x0, \"No partyI address provided to LC creation\");\n require(_balances[0] >= 0 && _balances[1] >= 0, \"Balances cannot be negative\");\n // Set initial ledger channel state\n // Alice must execute this and we assume the initial state\n // to be signed from this requirement\n // Alternative is to check a sig as in joinChannel\n Channels[_lcID].partyAddresses[0] = msg.sender;\n Channels[_lcID].partyAddresses[1] = _partyI;\n\n if(_balances[0] != 0) {\n require(msg.value == _balances[0], \"Eth balance does not match sent value\");\n Channels[_lcID].ethBalances[0] = msg.value;\n }\n if(_balances[1] != 0) {\n Channels[_lcID].token = HumanStandardToken(_token);\n require(Channels[_lcID].token.transferFrom(msg.sender, this, _balances[1]),\"CreateChannel: token transfer failure\");\n Channels[_lcID].erc20Balances[0] = _balances[1];\n }\n\n Channels[_lcID].sequence = 0;\n Channels[_lcID].confirmTime = _confirmTime;\n // is close flag, lc state sequence, number open vc, vc root hash, partyA...\n //Channels[_lcID].stateHash = keccak256(uint256(0), uint256(0), uint256(0), bytes32(0x0), bytes32(msg.sender), bytes32(_partyI), balanceA, balanceI);\n Channels[_lcID].LCopenTimeout = now + _confirmTime;\n Channels[_lcID].initialDeposit = _balances;\n\n emit DidLCOpen(_lcID, msg.sender, _partyI, _balances[0], _token, _balances[1], Channels[_lcID].LCopenTimeout);\n }\n\n function LCOpenTimeout(bytes32 _lcID) public {\n require(msg.sender == Channels[_lcID].partyAddresses[0] && Channels[_lcID].isOpen == false);\n require(now > Channels[_lcID].LCopenTimeout);\n\n if(Channels[_lcID].initialDeposit[0] != 0) {\n // REENTRANCY\n 
Channels[_lcID].partyAddresses[0].transfer(Channels[_lcID].ethBalances[0]);\n }\n if(Channels[_lcID].initialDeposit[1] != 0) {\n // REENTRANCY\n require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[0], Channels[_lcID].erc20Balances[0]),\"CreateChannel: token transfer failure\");\n }\n\n emit DidLCClose(_lcID, 0, Channels[_lcID].ethBalances[0], Channels[_lcID].erc20Balances[0], 0, 0);\n\n // only safe to delete since no action was taken on this channel\n delete Channels[_lcID];\n }\n\n function joinChannel(bytes32 _lcID, uint256[2] _balances) public payable {\n // require the channel is not open yet\n require(Channels[_lcID].isOpen == false);\n require(msg.sender == Channels[_lcID].partyAddresses[1]);\n\n if(_balances[0] != 0) {\n require(msg.value == _balances[0], \"state balance does not match sent value\");\n Channels[_lcID].ethBalances[1] = msg.value;\n }\n if(_balances[1] != 0) {\n require(Channels[_lcID].token.transferFrom(msg.sender, this, _balances[1]),\"joinChannel: token transfer failure\");\n Channels[_lcID].erc20Balances[1] = _balances[1];\n }\n\n Channels[_lcID].initialDeposit[0]+=_balances[0];\n Channels[_lcID].initialDeposit[1]+=_balances[1];\n // no longer allow joining functions to be called\n Channels[_lcID].isOpen = true;\n numChannels++;\n\n emit DidLCJoin(_lcID, _balances[0], _balances[1]);\n }\n\n\n // additive updates of monetary state\n // TODO check this for attack vectors\n function deposit(bytes32 _lcID, address recipient, uint256 _balance, bool isToken) public payable {\n require(Channels[_lcID].isOpen == true, \"Tried adding funds to a closed channel\");\n require(recipient == Channels[_lcID].partyAddresses[0] || recipient == Channels[_lcID].partyAddresses[1]);\n\n //if(Channels[_lcID].token)\n\n if (Channels[_lcID].partyAddresses[0] == recipient) {\n if(isToken) {\n require(Channels[_lcID].token.transferFrom(msg.sender, this, _balance),\"deposit: token transfer failure\");\n Channels[_lcID].erc20Balances[2] += 
_balance;\n } else {\n require(msg.value == _balance, \"state balance does not match sent value\");\n Channels[_lcID].ethBalances[2] += msg.value;\n }\n }\n\n if (Channels[_lcID].partyAddresses[1] == recipient) {\n if(isToken) {\n require(Channels[_lcID].token.transferFrom(msg.sender, this, _balance),\"deposit: token transfer failure\");\n Channels[_lcID].erc20Balances[3] += _balance;\n } else {\n require(msg.value == _balance, \"state balance does not match sent value\");\n Channels[_lcID].ethBalances[3] += msg.value;\n }\n }\n\n emit DidLCDeposit(_lcID, recipient, _balance, isToken);\n }\n\n // TODO: Check there are no open virtual channels, the client should have cought this before signing a close LC state update\n function consensusCloseChannel(\n bytes32 _lcID,\n uint256 _sequence,\n uint256[4] _balances, // 0: ethBalanceA 1:ethBalanceI 2:tokenBalanceA 3:tokenBalanceI\n string _sigA,\n string _sigI\n )\n public\n {\n // assume num open vc is 0 and root hash is 0x0\n //require(Channels[_lcID].sequence < _sequence);\n require(Channels[_lcID].isOpen == true);\n uint256 totalEthDeposit = Channels[_lcID].initialDeposit[0] + Channels[_lcID].ethBalances[2] + Channels[_lcID].ethBalances[3];\n uint256 totalTokenDeposit = Channels[_lcID].initialDeposit[1] + Channels[_lcID].erc20Balances[2] + Channels[_lcID].erc20Balances[3];\n require(totalEthDeposit == _balances[0] + _balances[1]);\n require(totalTokenDeposit == _balances[2] + _balances[3]);\n\n bytes32 _state = keccak256(\n abi.encodePacked(\n _lcID,\n true,\n _sequence,\n uint256(0),\n bytes32(0x0),\n Channels[_lcID].partyAddresses[0],\n Channels[_lcID].partyAddresses[1],\n _balances[0],\n _balances[1],\n _balances[2],\n _balances[3]\n )\n );\n\n require(Channels[_lcID].partyAddresses[0] == ECTools.recoverSigner(_state, _sigA));\n require(Channels[_lcID].partyAddresses[1] == ECTools.recoverSigner(_state, _sigI));\n\n Channels[_lcID].isOpen = false;\n\n if(_balances[0] != 0 || _balances[1] != 0) {\n 
Channels[_lcID].partyAddresses[0].transfer(_balances[0]);\n Channels[_lcID].partyAddresses[1].transfer(_balances[1]);\n }\n\n if(_balances[2] != 0 || _balances[3] != 0) {\n require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[0], _balances[2]),\"happyCloseChannel: token transfer failure\");\n require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[1], _balances[3]),\"happyCloseChannel: token transfer failure\");\n }\n\n numChannels--;\n\n emit DidLCClose(_lcID, _sequence, _balances[0], _balances[1], _balances[2], _balances[3]);\n }\n\n // Byzantine functions\n\n function updateLCstate(\n bytes32 _lcID,\n uint256[6] updateParams, // [sequence, numOpenVc, ethbalanceA, ethbalanceI, tokenbalanceA, tokenbalanceI]\n bytes32 _VCroot,\n string _sigA,\n string _sigI\n )\n public\n {\n Channel storage channel = Channels[_lcID];\n require(channel.isOpen);\n require(channel.sequence < updateParams[0]); // do same as vc sequence check\n require(channel.ethBalances[0] + channel.ethBalances[1] >= updateParams[2] + updateParams[3]);\n require(channel.erc20Balances[0] + channel.erc20Balances[1] >= updateParams[4] + updateParams[5]);\n\n if(channel.isUpdateLCSettling == true) {\n require(channel.updateLCtimeout > now);\n }\n\n bytes32 _state = keccak256(\n abi.encodePacked(\n _lcID,\n false,\n updateParams[0],\n updateParams[1],\n _VCroot,\n channel.partyAddresses[0],\n channel.partyAddresses[1],\n updateParams[2],\n updateParams[3],\n updateParams[4],\n updateParams[5]\n )\n );\n\n require(channel.partyAddresses[0] == ECTools.recoverSigner(_state, _sigA));\n require(channel.partyAddresses[1] == ECTools.recoverSigner(_state, _sigI));\n\n // update LC state\n channel.sequence = updateParams[0];\n channel.numOpenVC = updateParams[1];\n channel.ethBalances[0] = updateParams[2];\n channel.ethBalances[1] = updateParams[3];\n channel.erc20Balances[0] = updateParams[4];\n channel.erc20Balances[1] = updateParams[5];\n channel.VCrootHash = _VCroot;\n 
channel.isUpdateLCSettling = true;\n channel.updateLCtimeout = now + channel.confirmTime;\n\n // make settlement flag\n\n emit DidLCUpdateState (\n _lcID,\n updateParams[0],\n updateParams[1],\n updateParams[2],\n updateParams[3],\n updateParams[4],\n updateParams[5],\n _VCroot,\n channel.updateLCtimeout\n );\n }\n\n // supply initial state of VC to \"prime\" the force push game\n function initVCstate(\n bytes32 _lcID,\n bytes32 _vcID,\n bytes _proof,\n address _partyA,\n address _partyB,\n uint256[2] _bond,\n uint256[4] _balances, // 0: ethBalanceA 1:ethBalanceI 2:tokenBalanceA 3:tokenBalanceI\n string sigA\n )\n public\n {\n require(Channels[_lcID].isOpen, \"LC is closed.\");\n // sub-channel must be open\n require(!virtualChannels[_vcID].isClose, \"VC is closed.\");\n // Check time has passed on updateLCtimeout and has not passed the time to store a vc state\n require(Channels[_lcID].updateLCtimeout < now, \"LC timeout not over.\");\n // prevent rentry of initializing vc state\n require(virtualChannels[_vcID].updateVCtimeout == 0);\n // partyB is now Ingrid\n bytes32 _initState = keccak256(\n abi.encodePacked(_vcID, uint256(0), _partyA, _partyB, _bond[0], _bond[1], _balances[0], _balances[1], _balances[2], _balances[3])\n );\n\n // Make sure Alice has signed initial vc state (A/B in oldState)\n require(_partyA == ECTools.recoverSigner(_initState, sigA));\n\n // Check the oldState is in the root hash\n require(_isContained(_initState, _proof, Channels[_lcID].VCrootHash) == true);\n\n virtualChannels[_vcID].partyA = _partyA; // VC participant A\n virtualChannels[_vcID].partyB = _partyB; // VC participant B\n virtualChannels[_vcID].sequence = uint256(0);\n virtualChannels[_vcID].ethBalances[0] = _balances[0];\n virtualChannels[_vcID].ethBalances[1] = _balances[1];\n virtualChannels[_vcID].erc20Balances[0] = _balances[2];\n virtualChannels[_vcID].erc20Balances[1] = _balances[3];\n virtualChannels[_vcID].bond = _bond;\n virtualChannels[_vcID].updateVCtimeout = now + 
Channels[_lcID].confirmTime;\n virtualChannels[_vcID].isInSettlementState = true;\n\n emit DidVCInit(_lcID, _vcID, _proof, uint256(0), _partyA, _partyB, _balances[0], _balances[1]);\n }\n\n //TODO: verify state transition since the hub did not agree to this state\n // make sure the A/B balances are not beyond ingrids bonds\n // Params: vc init state, vc final balance, vcID\n function settleVC(\n bytes32 _lcID,\n bytes32 _vcID,\n uint256 updateSeq,\n address _partyA,\n address _partyB,\n uint256[4] updateBal, // [ethupdateBalA, ethupdateBalB, tokenupdateBalA, tokenupdateBalB]\n string sigA\n )\n public\n {\n require(Channels[_lcID].isOpen, \"LC is closed.\");\n // sub-channel must be open\n require(!virtualChannels[_vcID].isClose, \"VC is closed.\");\n require(virtualChannels[_vcID].sequence < updateSeq, \"VC sequence is higher than update sequence.\");\n require(\n virtualChannels[_vcID].ethBalances[1] < updateBal[1] && virtualChannels[_vcID].erc20Balances[1] < updateBal[3],\n \"State updates may only increase recipient balance.\"\n );\n require(\n virtualChannels[_vcID].bond[0] == updateBal[0] + updateBal[1] &&\n virtualChannels[_vcID].bond[1] == updateBal[2] + updateBal[3],\n \"Incorrect balances for bonded amount\");\n // Check time has passed on updateLCtimeout and has not passed the time to store a vc state\n // virtualChannels[_vcID].updateVCtimeout should be 0 on uninitialized vc state, and this should\n // fail if initVC() isn't called first\n // require(Channels[_lcID].updateLCtimeout < now && now < virtualChannels[_vcID].updateVCtimeout);\n require(Channels[_lcID].updateLCtimeout < now); // for testing!\n\n bytes32 _updateState = keccak256(\n abi.encodePacked(\n _vcID,\n updateSeq,\n _partyA,\n _partyB,\n virtualChannels[_vcID].bond[0],\n virtualChannels[_vcID].bond[1],\n updateBal[0],\n updateBal[1],\n updateBal[2],\n updateBal[3]\n )\n );\n\n // Make sure Alice has signed a higher sequence new state\n require(virtualChannels[_vcID].partyA == 
ECTools.recoverSigner(_updateState, sigA));\n\n // store VC data\n // we may want to record who is initiating on-chain settles\n virtualChannels[_vcID].challenger = msg.sender;\n virtualChannels[_vcID].sequence = updateSeq;\n\n // channel state\n virtualChannels[_vcID].ethBalances[0] = updateBal[0];\n virtualChannels[_vcID].ethBalances[1] = updateBal[1];\n virtualChannels[_vcID].erc20Balances[0] = updateBal[2];\n virtualChannels[_vcID].erc20Balances[1] = updateBal[3];\n\n virtualChannels[_vcID].updateVCtimeout = now + Channels[_lcID].confirmTime;\n\n emit DidVCSettle(_lcID, _vcID, updateSeq, updateBal[0], updateBal[1], msg.sender, virtualChannels[_vcID].updateVCtimeout);\n }\n\n function closeVirtualChannel(bytes32 _lcID, bytes32 _vcID) public {\n // require(updateLCtimeout > now)\n require(Channels[_lcID].isOpen, \"LC is closed.\");\n require(virtualChannels[_vcID].isInSettlementState, \"VC is not in settlement state.\");\n require(virtualChannels[_vcID].updateVCtimeout < now, \"Update vc timeout has not elapsed.\");\n require(!virtualChannels[_vcID].isClose, \"VC is already closed\");\n // reduce the number of open virtual channels stored on LC\n Channels[_lcID].numOpenVC--;\n // close vc flags\n virtualChannels[_vcID].isClose = true;\n // re-introduce the balances back into the LC state from the settled VC\n // decide if this lc is alice or bob in the vc\n if(virtualChannels[_vcID].partyA == Channels[_lcID].partyAddresses[0]) {\n Channels[_lcID].ethBalances[0] += virtualChannels[_vcID].ethBalances[0];\n Channels[_lcID].ethBalances[1] += virtualChannels[_vcID].ethBalances[1];\n\n Channels[_lcID].erc20Balances[0] += virtualChannels[_vcID].erc20Balances[0];\n Channels[_lcID].erc20Balances[1] += virtualChannels[_vcID].erc20Balances[1];\n } else if (virtualChannels[_vcID].partyB == Channels[_lcID].partyAddresses[0]) {\n Channels[_lcID].ethBalances[0] += virtualChannels[_vcID].ethBalances[1];\n Channels[_lcID].ethBalances[1] += 
virtualChannels[_vcID].ethBalances[0];\n\n Channels[_lcID].erc20Balances[0] += virtualChannels[_vcID].erc20Balances[1];\n Channels[_lcID].erc20Balances[1] += virtualChannels[_vcID].erc20Balances[0];\n }\n\n emit DidVCClose(_lcID, _vcID, virtualChannels[_vcID].erc20Balances[0], virtualChannels[_vcID].erc20Balances[1]);\n }\n\n\n // todo: allow ethier lc.end-user to nullify the settled LC state and return to off-chain\n function byzantineCloseChannel(bytes32 _lcID) public {\n Channel storage channel = Channels[_lcID];\n\n // check settlement flag\n require(channel.isOpen, \"Channel is not open\");\n require(channel.isUpdateLCSettling == true);\n require(channel.numOpenVC == 0);\n require(channel.updateLCtimeout < now, \"LC timeout over.\");\n\n // if off chain state update didnt reblance deposits, just return to deposit owner\n uint256 totalEthDeposit = channel.initialDeposit[0] + channel.ethBalances[2] + channel.ethBalances[3];\n uint256 totalTokenDeposit = channel.initialDeposit[1] + channel.erc20Balances[2] + channel.erc20Balances[3];\n\n uint256 possibleTotalEthBeforeDeposit = channel.ethBalances[0] + channel.ethBalances[1];\n uint256 possibleTotalTokenBeforeDeposit = channel.erc20Balances[0] + channel.erc20Balances[1];\n\n if(possibleTotalEthBeforeDeposit < totalEthDeposit) {\n channel.ethBalances[0]+=channel.ethBalances[2];\n channel.ethBalances[1]+=channel.ethBalances[3];\n } else {\n require(possibleTotalEthBeforeDeposit == totalEthDeposit);\n }\n\n if(possibleTotalTokenBeforeDeposit < totalTokenDeposit) {\n channel.erc20Balances[0]+=channel.erc20Balances[2];\n channel.erc20Balances[1]+=channel.erc20Balances[3];\n } else {\n require(possibleTotalTokenBeforeDeposit == totalTokenDeposit);\n }\n\n // reentrancy\n uint256 ethbalanceA = channel.ethBalances[0];\n uint256 ethbalanceI = channel.ethBalances[1];\n uint256 tokenbalanceA = channel.erc20Balances[0];\n uint256 tokenbalanceI = channel.erc20Balances[1];\n\n channel.ethBalances[0] = 0;\n 
channel.ethBalances[1] = 0;\n channel.erc20Balances[0] = 0;\n channel.erc20Balances[1] = 0;\n\n if(ethbalanceA != 0 || ethbalanceI != 0) {\n channel.partyAddresses[0].transfer(ethbalanceA);\n channel.partyAddresses[1].transfer(ethbalanceI);\n }\n\n if(tokenbalanceA != 0 || tokenbalanceI != 0) {\n require(\n channel.token.transfer(channel.partyAddresses[0], tokenbalanceA),\n \"byzantineCloseChannel: token transfer failure\"\n );\n require(\n channel.token.transfer(channel.partyAddresses[1], tokenbalanceI),\n \"byzantineCloseChannel: token transfer failure\"\n );\n }\n\n channel.isOpen = false;\n numChannels--;\n\n emit DidLCClose(_lcID, channel.sequence, ethbalanceA, ethbalanceI, tokenbalanceA, tokenbalanceI);\n }\n\n function _isContained(bytes32 _hash, bytes _proof, bytes32 _root) internal pure returns (bool) {\n bytes32 cursor = _hash;\n bytes32 proofElem;\n\n for (uint256 i = 64; i <= _proof.length; i += 32) {\n assembly { proofElem := mload(add(_proof, i)) }\n\n if (cursor < proofElem) {\n cursor = keccak256(abi.encodePacked(cursor, proofElem));\n } else {\n cursor = keccak256(abi.encodePacked(proofElem, cursor));\n }\n }\n\n return cursor == _root;\n }\n\n //Struct Getters\n function getChannel(bytes32 id) public view returns (\n address[2],\n uint256[4],\n uint256[4],\n uint256[2],\n uint256,\n uint256,\n bytes32,\n uint256,\n uint256,\n bool,\n bool,\n uint256\n ) {\n Channel memory channel = Channels[id];\n return (\n channel.partyAddresses,\n channel.ethBalances,\n channel.erc20Balances,\n channel.initialDeposit,\n channel.sequence,\n channel.confirmTime,\n channel.VCrootHash,\n channel.LCopenTimeout,\n channel.updateLCtimeout,\n channel.isOpen,\n channel.isUpdateLCSettling,\n channel.numOpenVC\n );\n }\n\n function getVirtualChannel(bytes32 id) public view returns(\n bool,\n bool,\n uint256,\n address,\n uint256,\n address,\n address,\n address,\n uint256[2],\n uint256[2],\n uint256[2]\n ) {\n VirtualChannel memory virtualChannel = virtualChannels[id];\n 
return(\n virtualChannel.isClose,\n virtualChannel.isInSettlementState,\n virtualChannel.sequence,\n virtualChannel.challenger,\n virtualChannel.updateVCtimeout,\n virtualChannel.partyA,\n virtualChannel.partyB,\n virtualChannel.partyI,\n virtualChannel.ethBalances,\n virtualChannel.erc20Balances,\n virtualChannel.bond\n );\n }\n }\n"
+ },
+ {
+ "contract": "0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol",
+ "label": "reentrancy",
+ "code": "/*\n * @source: etherscan.io \n * @author: -\n * @vulnerable_at_lines: 29\n */\n\npragma solidity ^0.4.25;\n\ncontract W_WALLET\n{\n function Put(uint _unlockTime)\n public\n payable\n {\n var acc = Acc[msg.sender];\n acc.balance += msg.value;\n acc.unlockTime = _unlockTime>now?_unlockTime:now;\n LogFile.AddMessage(msg.sender,msg.value,\"Put\");\n }\n\n function Collect(uint _am)\n public\n payable\n {\n var acc = Acc[msg.sender];\n if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime)\n {\n // REENTRANCY\n if(msg.sender.call.value(_am)())\n {\n acc.balance-=_am;\n LogFile.AddMessage(msg.sender,_am,\"Collect\");\n }\n }\n }\n\n function() \n public \n payable\n {\n Put(0);\n }\n\n struct Holder \n {\n uint unlockTime;\n uint balance;\n }\n\n mapping (address => Holder) public Acc;\n\n Log LogFile;\n\n uint public MinSum = 1 ether; \n\n function W_WALLET(address log) public{\n LogFile = Log(log);\n }\n}\n\n\ncontract Log \n{\n struct Message\n {\n address Sender;\n string Data;\n uint Val;\n uint Time;\n }\n\n Message[] public History;\n\n Message LastMsg;\n\n function AddMessage(address _adr,uint _val,string _data)\n public\n {\n LastMsg.Sender = _adr;\n LastMsg.Time = now;\n LastMsg.Val = _val;\n LastMsg.Data = _data;\n History.push(LastMsg);\n }\n}"
+ },
+ {
+ "contract": "buggy_2.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\ncontract CareerOnToken {\n bool not_called_re_ent27 = true;\nfunction 
bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed a_owner, address indexed _spender, uint256 _value);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event OwnerChang(address indexed _old,address indexed _new,uint256 _coin_change);\n \n mapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n uint256 public totalSupply; \n mapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n string public name; //\u540d\u79f0\uff0c\u4f8b\u5982\"My test token\"\n mapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n uint8 public decimals; //\u8fd4\u56detoken\u4f7f\u7528\u7684\u5c0f\u6570\u70b9\u540e\u51e0\u4f4d\u3002\u6bd4\u5982\u5982\u679c\u8bbe\u7f6e\u4e3a3\uff0c\u5c31\u662f\u652f\u63010.001\u8868\u793a.\n bool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n string public symbol; //token\u7b80\u79f0,like MTT\n mapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n address public owner;\n mapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n mapping (address => uint256) public balances;\n mapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n 
msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n mapping (address => mapping (address => uint256)) public allowed;\n \n\t//\u5982\u679c\u901a\u8fc7\u51fd\u6570setPauseStatus\u8bbe\u7f6e\u8fd9\u4e2a\u53d8\u91cf\u4e3aTRUE\uff0c\u5219\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\u90fd\u4f1a\u5931\u8d25\n uint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n bool isTransPaused=false;\n \n constructor(\n uint256 _initialAmount,\n uint8 _decimalUnits) public \n {\n owner=msg.sender;//\u8bb0\u5f55\u5408\u7ea6\u7684owner\n\t\tif(_initialAmount<=0){\n\t\t totalSupply = 100000000000000000; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=totalSupply;\n\t\t}else{\n\t\t totalSupply = _initialAmount; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=_initialAmount;\n\t\t}\n\t\tif(_decimalUnits<=0){\n\t\t decimals=2;\n\t\t}else{\n\t\t decimals = _decimalUnits;\n\t\t}\n name = \"CareerOn Chain Token\"; \n symbol = \"COT\";\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n \n \n function transfer(\n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to]\n );\n \n balances[msg.sender] -= _value;//\u4ece\u6d88\u606f\u53d1\u9001\u8005\u8d26\u6237\u4e2d\u51cf\u53bbtoken\u6570\u91cf_value\n balances[_to] += _value;//\u5f80\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n\t\tif(msg.sender==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(msg.sender, 
_to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n\n function transferFrom(\n address _from, \n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to] &&\n allowed[_from][msg.sender] >= _value\n );\n \n balances[_to] += _value;//\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n balances[_from] -= _value; //\u652f\u51fa\u8d26\u6237_from\u51cf\u53bbtoken\u6570\u91cf_value\n allowed[_from][msg.sender] -= _value;//\u6d88\u606f\u53d1\u9001\u8005\u53ef\u4ee5\u4ece\u8d26\u6237_from\u4e2d\u8f6c\u51fa\u7684\u6570\u91cf\u51cf\u5c11_value\n if(_from==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(_from, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function approve(address _spender, uint256 _value) public returns (bool success) \n { \n assert(msg.sender!=_spender && _value>0);\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function allowance(\n address _owner, \n address _spender) public view returns (uint256 remaining) \n 
{\n return allowed[_owner][_spender];//\u5141\u8bb8_spender\u4ece_owner\u4e2d\u8f6c\u51fa\u7684token\u6570\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\t\n\t//\u4ee5\u4e0b\u4e3a\u672c\u4ee3\u5e01\u534f\u8bae\u7684\u7279\u6b8a\u903b\u8f91\n\t//\u8f6c\u79fb\u534f\u8bae\u6240\u6709\u6743\u5e76\u5c06\u9644\u5e26\u7684\u4ee3\u5e01\u4e00\u5e76\u8f6c\u79fb\u8fc7\u53bb\n\tfunction changeOwner(address newOwner) public{\n assert(msg.sender==owner && msg.sender!=newOwner);\n balances[newOwner]=balances[owner];\n balances[owner]=0;\n owner=newOwner;\n emit OwnerChang(msg.sender,newOwner,balances[owner]);//\u89e6\u53d1\u5408\u7ea6\u6240\u6709\u6743\u7684\u8f6c\u79fb\u4e8b\u4ef6\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n \n\t//isPaused\u4e3atrue\u5219\u6682\u505c\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\n function setPauseStatus(bool isPaused)public{\n assert(msg.sender==owner);\n isTransPaused=isPaused;\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n \n\t//\u4fee\u6539\u5408\u7ea6\u540d\u5b57\n function changeContractName(string memory _newName,string memory _newSymbol) public {\n assert(msg.sender==owner);\n name=_newName;\n symbol=_newSymbol;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n \n function () external payable {\n revert();\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_18.sol",
+ "label": "reentrancy",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-28\n*/\n\npragma solidity ^0.5.9;\n \n// 'Yesbuzz' contract\n// Mineable & Deflationary ERC20 Token using Proof Of Work\n//\n// Symbol : YESBUZ\n// Name : Yesbuzz \n// Total supply: 21,000,000.00\n// Decimals : 8\n//\n// ----------------------------------------------------------------------------\n\n// ----------------------------------------------------------------------------\n// Safe maths\n// ----------------------------------------------------------------------------\n\nlibrary SafeMath {\n\n function add(uint a, uint b) internal pure returns(uint c) {\n c = a + b;\n require(c >= a);\n }\n\n function sub(uint a, uint b) internal pure returns(uint c) {\n require(b <= a);\n c = a - b;\n }\n\n function mul(uint a, uint b) internal pure returns(uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\n\n function div(uint a, uint b) internal pure returns(uint c) {\n require(b > 0);\n c = a / b;\n }\n\n}\n\nlibrary ExtendedMath {\n\n //return the smaller of the two inputs (a or b)\n function limitLessThan(uint a, uint b) internal pure returns(uint c) {\n if (a > b) return b;\n return a;\n }\n}\n\n// ----------------------------------------------------------------------------\n// ERC Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n// ----------------------------------------------------------------------------\n\ncontract ERC20Interface {\n\n function totalSupply() public view returns(uint);\nuint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n function balanceOf(address tokenOwner) public view returns(uint balance);\nmapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n function allowance(address tokenOwner, address spender) public view returns(uint remaining);\nmapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n function transfer(address to, uint tokens) public returns(bool success);\nmapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n function approve(address spender, uint tokens) public returns(bool success);\nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n function transferFrom(address from, address to, uint tokens) public returns(bool success);\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n mapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event Transfer(address indexed from, address indexed to, uint tokens);\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n\n}\n\n// ----------------------------------------------------------------------------\n// Contract function to receive approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// ----------------------------------------------------------------------------\n\ncontract ApproveAndCallFallBack {\n\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n\n}\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\n\ncontract Owned {\n\n address public owner;\n address public newOwner;\n\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n\n}\n\n// ----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and an\n// initial fixed supply\n// ----------------------------------------------------------------------------\n\ncontract _Yesbuzz is ERC20Interface, Owned {\n\n using SafeMath for uint;\n using ExtendedMath for uint;\n\n string public symbol;\n string public name;\n uint8 public decimals;\n uint public _totalSupply;\n uint public latestDifficultyPeriodStarted;\n uint public epochCount; //number of 'blocks' mined\n uint public _BLOCKS_PER_READJUSTMENT = 1024;\n\n //a little number\n uint public _MINIMUM_TARGET = 2 ** 16;\n\n //a big number is easier ; just find a solution that is smaller\n //uint public _MAXIMUM_TARGET = 2**224; bitcoin uses 224\n uint public _MAXIMUM_TARGET = 2 ** 234;\n uint public miningTarget;\n bytes32 public challengeNumber; //generate a new one when a new reward is minted\n uint public rewardEra;\n 
mapping(address => uint) redeemableEther_re_ent18;\nfunction claimReward_re_ent18() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent18[msg.sender] > 0);\n uint transferValue_re_ent18 = redeemableEther_re_ent18[msg.sender];\n msg.sender.transfer(transferValue_re_ent18); //bug\n redeemableEther_re_ent18[msg.sender] = 0;\n }\n uint public maxSupplyForEra;\n mapping(address => uint) balances_re_ent29;\n function withdraw_balances_re_ent29 () public {\n if (msg.sender.send(balances_re_ent29[msg.sender ]))\n balances_re_ent29[msg.sender] = 0;\n }\n address public lastRewardTo;\n bool not_called_re_ent6 = true;\nfunction bug_re_ent6() public{\n require(not_called_re_ent6);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent6 = false;\n }\n uint public lastRewardAmount;\n address payable lastPlayer_re_ent16;\n uint jackpot_re_ent16;\n\t function buyTicket_re_ent16() public{\n\t if (!(lastPlayer_re_ent16.send(jackpot_re_ent16)))\n revert();\n lastPlayer_re_ent16 = msg.sender;\n jackpot_re_ent16 = address(this).balance;\n }\n uint public lastRewardEthBlockNumber;\n mapping(address => uint) balances_re_ent24;\nfunction withdrawFunds_re_ent24 (uint256 _weiToWithdraw) public {\n require(balances_re_ent24[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent24[msg.sender] -= _weiToWithdraw;\n }\n bool locked = false;\n mapping(address => uint) userBalance_re_ent5;\nfunction withdrawBalance_re_ent5() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent5[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent5[msg.sender] = 0;\n }\n mapping(bytes32 => bytes32) solutionForChallenge;\n mapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n uint public tokensMinted;\n mapping(address => uint) balances;\n uint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n mapping(address => mapping(address => uint)) allowed;\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n uint public burnPercent;\n\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Mint(address indexed from, uint reward_amount, uint epochCount, bytes32 newChallengeNumber);\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n\n constructor() public onlyOwner {\n\n symbol = \"YESBUZ\";\n name = \"Yesbuzz\";\n decimals = 8;\n _totalSupply = 21000000 * 10 ** uint(decimals);\n if (locked) revert();\n locked = true;\n tokensMinted = 0;\n rewardEra = 0;\n maxSupplyForEra = _totalSupply.div(2);\n miningTarget = _MAXIMUM_TARGET;\n latestDifficultyPeriodStarted = block.number;\n burnPercent = 10; //it's divided by 1000, then 10/1000 = 0.01 = 1%\n _startNewMiningEpoch();\n\n //The owner gets nothing! 
You must mine this ERC20 token\n //balances[owner] = _totalSupply;\n //Transfer(address(0), owner, _totalSupply);\n\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function mint(uint256 nonce, bytes32 challenge_digest) public returns(bool success) {\n //the PoW must contain work that includes a recent ethereum block hash (challenge number) and the msg.sender's address to prevent MITM attacks\n bytes32 digest = keccak256(abi.encodePacked(challengeNumber, msg.sender, nonce));\n //the challenge digest must match the expected\n if (digest != challenge_digest) revert();\n //the digest must be smaller than the target\n if (uint256(digest) > miningTarget) revert();\n //only allow one reward for each challenge\n bytes32 solution = solutionForChallenge[challengeNumber];\n solutionForChallenge[challengeNumber] = digest;\n if (solution != 0x0) revert(); //prevent the same answer from awarding twice\n uint reward_amount = getMiningReward();\n balances[msg.sender] = balances[msg.sender].add(reward_amount);\n tokensMinted = tokensMinted.add(reward_amount);\n //Cannot mint more tokens than there are\n assert(tokensMinted <= maxSupplyForEra);\n //set readonly diagnostics data\n lastRewardTo = msg.sender;\n lastRewardAmount = reward_amount;\n lastRewardEthBlockNumber = block.number;\n _startNewMiningEpoch();\n emit Mint(msg.sender, reward_amount, epochCount, challengeNumber);\n return true;\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n //a new 'block' to be mined\n function 
_startNewMiningEpoch() internal {\n //if max supply for the era will be exceeded next reward round then enter the new era before that happens\n //40 is the final reward era, almost all tokens minted\n //once the final era is reached, more tokens will not be given out because the assert function\n if (tokensMinted.add(getMiningReward()) > maxSupplyForEra && rewardEra < 39) {\n rewardEra = rewardEra + 1;\n }\n //set the next minted supply at which the era will change\n // total supply is 2100000000000000 because of 8 decimal places\n maxSupplyForEra = _totalSupply - _totalSupply.div(2 ** (rewardEra + 1));\n epochCount = epochCount.add(1);\n //every so often, readjust difficulty. Dont readjust when deploying\n if (epochCount % _BLOCKS_PER_READJUSTMENT == 0) {\n _reAdjustDifficulty();\n }\n //make the latest ethereum block hash a part of the next challenge for PoW to prevent pre-mining future blocks\n //do this last since this is a protection mechanism in the mint() function\n challengeNumber = blockhash(block.number - 1);\n }\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n //https://en.bitcoin.it/wiki/Difficulty#What_is_the_formula_for_difficulty.3F\n //as of 2017 the bitcoin difficulty was up to 17 zeroes, it was only 8 in the early days\n //readjust the target by 5 percent\n function _reAdjustDifficulty() internal {\n uint ethBlocksSinceLastDifficultyPeriod = block.number - latestDifficultyPeriodStarted;\n //assume 360 ethereum blocks per hour\n //we want miners to spend 10 minutes to mine each 'block', about 60 ethereum blocks = one BitcoinSoV epoch\n uint epochsMined = _BLOCKS_PER_READJUSTMENT; //256\n uint targetEthBlocksPerDiffPeriod = epochsMined * 60; //should be 60 times slower than ethereum\n //if there were less eth 
blocks passed in time than expected\n if (ethBlocksSinceLastDifficultyPeriod < targetEthBlocksPerDiffPeriod) {\n uint excess_block_pct = (targetEthBlocksPerDiffPeriod.mul(100)).div(ethBlocksSinceLastDifficultyPeriod);\n uint excess_block_pct_extra = excess_block_pct.sub(100).limitLessThan(1000);\n // If there were 5% more blocks mined than expected then this is 5. If there were 100% more blocks mined than expected then this is 100.\n //make it harder\n miningTarget = miningTarget.sub(miningTarget.div(2000).mul(excess_block_pct_extra)); //by up to 50 %\n } else {\n uint shortage_block_pct = (ethBlocksSinceLastDifficultyPeriod.mul(100)).div(targetEthBlocksPerDiffPeriod);\n uint shortage_block_pct_extra = shortage_block_pct.sub(100).limitLessThan(1000); //always between 0 and 1000\n //make it easier\n miningTarget = miningTarget.add(miningTarget.div(2000).mul(shortage_block_pct_extra)); //by up to 50 %\n }\n latestDifficultyPeriodStarted = block.number;\n if (miningTarget < _MINIMUM_TARGET) //very difficult\n {\n miningTarget = _MINIMUM_TARGET;\n }\n if (miningTarget > _MAXIMUM_TARGET) //very easy\n {\n miningTarget = _MAXIMUM_TARGET;\n }\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n //this is a recent ethereum block hash, used to prevent pre-mining future blocks\n function getChallengeNumber() public view returns(bytes32) {\n return challengeNumber;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n //the number of zeroes the digest of the PoW solution requires. Auto adjusts\n function getMiningDifficulty() public view returns(uint) {\n return _MAXIMUM_TARGET.div(miningTarget);\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n\n function getMiningTarget() public view returns(uint) {\n return miningTarget;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n //21m coins total\n //reward begins at 50 and is cut in half every reward era (as tokens are mined)\n function getMiningReward() public view returns(uint) {\n //once we get half way thru the coins, only get 25 per block\n //every reward era, the reward amount halves.\n return (50 * 10 ** uint(decimals)).div(2 ** rewardEra);\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n //help debug mining software\n function getMintDigest(uint256 nonce, bytes32 challenge_number) public view returns(bytes32 digesttest) {\n bytes32 digest = keccak256(abi.encodePacked(challenge_number, msg.sender, nonce));\n return digest;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) 
public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n //help debug mining software\n function checkMintSolution(uint256 nonce, bytes32 challenge_digest, bytes32 challenge_number, uint testTarget) public view returns(bool success) {\n bytes32 digest = keccak256(abi.encodePacked(challenge_number, msg.sender, nonce));\n if (uint256(digest) > testTarget) revert();\n return (digest == challenge_digest);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n\n function totalSupply() public view returns(uint) {\n return _totalSupply - balances[address(0)];\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n\n function balanceOf(address tokenOwner) public view returns(uint balance) {\n return balances[tokenOwner];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n\n function transfer(address to, uint tokens) public returns(bool success) {\n\n uint toBurn = tokens.mul(burnPercent).div(1000);\n uint toSend = tokens.sub(toBurn);\n\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n\n balances[to] = balances[to].add(toSend);\n emit Transfer(msg.sender, to, toSend);\n\n balances[address(0)] = balances[address(0)].add(toBurn);\n emit Transfer(msg.sender, address(0), toBurn);\n\n return true;\n\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) 
`tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n\n function approve(address spender, uint tokens) public returns(bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n\n function transferFrom(address from, address to, uint tokens) public returns(bool success) {\n uint toBurn = tokens.mul(burnPercent).div(1000);\n uint toSend = tokens.sub(toBurn);\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(toSend);\n emit Transfer(from, to, toSend);\n balances[address(0)] = balances[address(0)].add(toBurn);\n emit Transfer(from, address(0), toBurn);\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n 
balances_re_ent8[msg.sender] = 0;\n }\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n\n function allowance(address tokenOwner, address spender) public view returns(uint remaining) {\n return allowed[tokenOwner][spender];\n }\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns(bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n\n function () external payable {\n revert();\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns(bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n}\n" + }, + { + "contract": "buggy_10.sol", + "label": "reentrancy", + "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\ncontract DocumentSigner {\n mapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n mapping(bytes32=>string) public docs;\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n mapping(bytes32=>address[]) public signers;\n \n modifier validDoc(bytes32 _docHash) {\n require(bytes(docs[_docHash]).length != 0, \"Document is not submitted\");\n _;\n }\n\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n 
require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Sign(bytes32 indexed _doc, address indexed _signer);\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event NewDocument(bytes32 _docHash);\n\n function submitDocument(string memory _doc) public {\n bytes32 _docHash = getHash(_doc);\n if(bytes(docs[_docHash]).length == 0) {\n docs[_docHash] = _doc;\n emit NewDocument(_docHash);\n }\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function signDocument(bytes32 _docHash) public validDoc(_docHash){\n address[] storage _signers = signers[_docHash];\n for(uint i = 0; i < _signers.length; i++) {\n if(_signers[i] == msg.sender) return;\n }\n _signers.push(msg.sender);\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n \n function getDetail(bytes32 _docHash) public validDoc(_docHash) view returns(string memory _doc, address[] memory _signers) {\n _doc = docs[_docHash];\n _signers = signers[_docHash];\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n \n function getHash(string memory _doc) public pure returns(bytes32) {\n return keccak256(abi.encodePacked(_doc));\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n}" + }, + { + "contract": "buggy_49.sol", + "label": "reentrancy", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11;\n\ncontract TAMC {\n uint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n mapping (address => uint256) public balanceOf;\n\n address payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n string public name = \"TAMC\";\n mapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n string public symbol = \"TAMC\";\n mapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n uint8 public decimals = 18;\n uint256 public totalSupply = 1000000000 * (uint256(10) ** decimals);\n\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n constructor() public {\n balanceOf[msg.sender] = totalSupply;\n emit Transfer(address(0), msg.sender, totalSupply);\n }\nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function transfer(address to, uint256 value) public returns (bool success) {\n require(balanceOf[msg.sender] >= value);\n balanceOf[msg.sender] -= value;\n balanceOf[to] += value;\n emit Transfer(msg.sender, to, value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n mapping(address => mapping(address => uint256)) public allowance;\n\n function approve(address spender, uint256 value)\n public\n returns (bool success)\n {\n allowance[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n\n function transferFrom(address from, address to, uint256 value)\n public\n returns (bool success)\n {\n require(value <= balanceOf[from]);\n require(value <= allowance[from][msg.sender]);\n\n balanceOf[from] -= value;\n balanceOf[to] += value;\n allowance[from][msg.sender] -= value;\n emit Transfer(from, to, value);\n return true;\n }\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n}\n" + }, + { + "contract": "buggy_35.sol", + "label": "reentrancy", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11; \n /* \n ___________________________________________________________________\n _ _ ______ \n | | / / / \n --|-/|-/-----__---/----__----__---_--_----__-------/-------__------\n |/ |/ /___) / / ' / ) / / ) /___) / / ) \n __/__|____(___ _/___(___ _(___/_/_/__/_(___ _____/______(___/__o_o_\n \n \n \n \n \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557\n \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551\u255a\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u255a\u2588\u2588\u2557 \u2588\u2588\u2554\u255d\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557 
\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u255a\u2588\u2588\u2557\u2588\u2588\u2554\u255d\n \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2557 \u255a\u2588\u2588\u2588\u2554\u255d \n \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2554\u2550\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551 \u255a\u2588\u2588\u2554\u255d \u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557 \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2554\u2588\u2588\u2557 \n \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2554\u255d \u2588\u2588\u2557\n \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\n \n \n \n \n------------------------------------------------------------------------------------------------------\n Copyright (c) 2019 Onwards Bitpayer Inc. 
( https://dex.bitpayer.io )\n Contract designed with \u2764 by EtherAuthority ( https://EtherAuthority.io )\n------------------------------------------------------------------------------------------------------\n*/\n\n\n//*******************************************************************\n//------------------------ SafeMath Library -------------------------\n//*******************************************************************\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. 
The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\n\n//*******************************************************************//\n//------------------ Contract to Manage Ownership -------------------//\n//*******************************************************************//\n \ncontract owned {\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n address public owner;\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n address private newOwner;\n\n\n mapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n event OwnershipTransferred(uint256 curTime, address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n\n function onlyOwnerTransferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n\n //this flow is to prevent transferring ownership to wrong wallet by mistake\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(now, owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n}\n\ninterface ERC20Essential \n{\n\n function transfer(address _to, uint256 _amount) external returns (bool);\n function transferFrom(address _from, address _to, uint256 _amount) external returns (bool);\n\n}\n\n\ncontract BitpayerDEX is owned {\n using SafeMath for uint256;\nmapping(address => uint) balances_re_ent10;\nfunction 
withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n bool public safeGuard; // To hault all non owner functions in case of imergency - by default false\nmapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n address public feeAccount; //the account that will receive fees\nmapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n uint public tradingFee = 50; // 50 = 0.5%\n \nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n mapping (address => mapping (address => uint)) public tokens; //mapping of token addresses to mapping of account balances (token=0 means Ether)\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n mapping (address => mapping (bytes32 => bool)) public orders; //mapping of user accounts to mapping of order hashes to booleans (true = submitted by user, equivalent to offchain signature)\nbool not_called_re_ent41 = true;\nfunction 
bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n mapping (address => mapping (bytes32 => uint)) public orderFills; //mapping of user accounts to mapping of order hashes to uints (amount of order that has been filled)\n \nuint256 counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n event Order(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user);\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n event Cancel(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s);\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n event Trade(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, address get, address give);\nbool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Deposit(uint256 curTime, address token, address user, uint amount, uint balance);\nmapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Withdraw(uint256 curTime, address token, address user, uint amount, uint balance);\nbool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event OwnerWithdrawTradingFee(address indexed owner, uint256 amount);\n\n\n\n constructor() public {\n feeAccount = msg.sender;\n }\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n\n function changeSafeguardStatus() onlyOwner public\n {\n if (safeGuard == false)\n {\n safeGuard = true;\n }\n else\n {\n safeGuard = false; \n }\n }\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n\n //Calculate percent and return result\n function calculatePercentage(uint256 PercentOf, uint256 percentTo ) internal pure returns (uint256) \n {\n uint256 factor = 10000;\n require(percentTo <= factor);\n uint256 c = PercentOf.mul(percentTo).div(factor);\n return c;\n }\naddress payable lastPlayer_re_ent9;\n uint 
jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n } \n\n\n\n \n // contract without fallback automatically reject incoming ether\n // function() external { }\n\n\n function changeFeeAccount(address feeAccount_) public onlyOwner {\n feeAccount = feeAccount_;\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n function changetradingFee(uint tradingFee_) public onlyOwner{\n //require(tradingFee_ <= tradingFee);\n tradingFee = tradingFee_;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n \n function availableTradingFeeOwner() public view returns(uint256){\n //it only holds ether as fee\n return tokens[address(0)][feeAccount];\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n \n function withdrawTradingFeeOwner() public onlyOwner returns (string memory){\n uint256 amount = availableTradingFeeOwner();\n require (amount > 0, 'Nothing to withdraw');\n \n tokens[address(0)][feeAccount] = 0;\n \n msg.sender.transfer(amount);\n \n emit OwnerWithdrawTradingFee(owner, amount);\n \n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n function deposit() public payable {\n tokens[address(0)][msg.sender] = tokens[address(0)][msg.sender].add(msg.value);\n emit Deposit(now, address(0), msg.sender, msg.value, tokens[address(0)][msg.sender]);\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n function withdraw(uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n require(tokens[address(0)][msg.sender] >= amount);\n tokens[address(0)][msg.sender] = tokens[address(0)][msg.sender].sub(amount);\n msg.sender.transfer(amount);\n emit Withdraw(now, address(0), msg.sender, amount, tokens[address(0)][msg.sender]);\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n function depositToken(address token, uint amount) public {\n //remember to call Token(address).approve(this, amount) or this contract will not be able to do the transfer on your behalf.\n 
require(token!=address(0));\n require(ERC20Essential(token).transferFrom(msg.sender, address(this), amount));\n tokens[token][msg.sender] = tokens[token][msg.sender].add(amount);\n emit Deposit(now, token, msg.sender, amount, tokens[token][msg.sender]);\n }\nmapping(address => uint) redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\t\n function withdrawToken(address token, uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n require(token!=address(0));\n require(tokens[token][msg.sender] >= amount);\n tokens[token][msg.sender] = tokens[token][msg.sender].sub(amount);\n\t ERC20Essential(token).transfer(msg.sender, amount);\n emit Withdraw(now, token, msg.sender, amount, tokens[token][msg.sender]);\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function balanceOf(address token, address user) public view returns (uint) {\n return tokens[token][user];\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n function order(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce) public {\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n orders[msg.sender][hash] = true;\n emit Order(now, tokenGet, amountGet, tokenGive, amountGive, expires, nonce, msg.sender);\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function trade(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s, uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n //amount is in amountGet terms\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n require((\n (orders[user][hash] || ecrecover(keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash)),v,r,s) == user) &&\n block.number <= expires &&\n orderFills[user][hash].add(amount) <= amountGet\n ));\n tradeBalances(tokenGet, amountGet, tokenGive, amountGive, user, amount);\n orderFills[user][hash] = orderFills[user][hash].add(amount);\n emit Trade(now, tokenGet, amount, tokenGive, amountGive * amount / amountGet, user, msg.sender);\n }\n\n function tradeBalances(address tokenGet, uint amountGet, address tokenGive, uint amountGive, address user, uint amount) internal {\n \n uint tradingFeeXfer 
= calculatePercentage(amount,tradingFee);\n tokens[tokenGet][msg.sender] = tokens[tokenGet][msg.sender].sub(amount.add(tradingFeeXfer));\n tokens[tokenGet][user] = tokens[tokenGet][user].add(amount.sub(tradingFeeXfer));\n tokens[address(0)][feeAccount] = tokens[address(0)][feeAccount].add(tradingFeeXfer);\n\n tokens[tokenGive][user] = tokens[tokenGive][user].sub(amountGive.mul(amount) / amountGet);\n tokens[tokenGive][msg.sender] = tokens[tokenGive][msg.sender].add(amountGive.mul(amount) / amountGet);\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function testTrade(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s, uint amount, address sender) public view returns(bool) {\n \n if (!(\n tokens[tokenGet][sender] >= amount &&\n availableVolume(tokenGet, amountGet, tokenGive, amountGive, expires, nonce, user, v, r, s) >= amount\n )) return false;\n return true;\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n function availableVolume(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s) public view returns(uint) {\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n uint available1;\n if (!(\n (orders[user][hash] || ecrecover(keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash)),v,r,s) == user) &&\n block.number <= expires\n )) return 0;\n available1 = tokens[tokenGive][user].mul(amountGet) / amountGive;\n \n if 
(amountGet.sub(orderFills[user][hash]) uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n function cancelOrder(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, uint8 v, bytes32 r, bytes32 s) public {\n require(!safeGuard,\"System Paused by Admin\");\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n require((orders[msg.sender][hash] || ecrecover(keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash)),v,r,s) == msg.sender));\n orderFills[msg.sender][hash] = amountGet;\n emit Cancel(now, tokenGet, amountGet, tokenGive, amountGive, expires, nonce, msg.sender, v, r, s);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_12.sol",
+ "label": "reentrancy",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts
when dividing by 0\n require(b > 0);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a >= b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Calculates the average of two numbers. Since these are integers,\n * averages of an even and odd number cannot be represented, and will be\n * rounded down.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow, so we distribute\n return (a / 2) + (b / 2) + ((a % 2 + b % 2) / 2);\n }\n}\n\n/*** @title ERC20 interface */\ncontract ERC20 {\n function totalSupply() public view returns (uint256);\nmapping(address => uint) userBalance_re_ent12;\nfunction withdrawBalance_re_ent12() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! 
(msg.sender.send(userBalance_re_ent12[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent12[msg.sender] = 0;\n }\n function balanceOf(address _owner) public view returns (uint256);\nmapping(address => uint) redeemableEther_re_ent11;\nfunction claimReward_re_ent11() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent11[msg.sender] > 0);\n uint transferValue_re_ent11 = redeemableEther_re_ent11[msg.sender];\n msg.sender.transfer(transferValue_re_ent11); //bug\n redeemableEther_re_ent11[msg.sender] = 0;\n }\n function transfer(address _to, uint256 _value) public returns (bool);\nmapping(address => uint) balances_re_ent1;\n function withdraw_balances_re_ent1 () public {\n (bool success,) =msg.sender.call.value(balances_re_ent1[msg.sender ])(\"\");\n if (success)\n balances_re_ent1[msg.sender] = 0;\n }\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool);\nbool not_called_re_ent41 = true;\nfunction bug_re_ent41() public{\n require(not_called_re_ent41);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent41 = false;\n }\n function approve(address _spender, uint256 _value) public returns (bool);\nuint256 counter_re_ent42 =0;\nfunction callme_re_ent42() public{\n require(counter_re_ent42<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent42 += 1;\n }\n function allowance(address _owner, address _spender) public view returns (uint256);\naddress payable lastPlayer_re_ent2;\n uint jackpot_re_ent2;\n\t function buyTicket_re_ent2() public{\n\t if (!(lastPlayer_re_ent2.send(jackpot_re_ent2)))\n revert();\n lastPlayer_re_ent2 = msg.sender;\n jackpot_re_ent2 = address(this).balance;\n }\n bool not_called_re_ent27 = true;\nfunction bug_re_ent27() public{\n require(not_called_re_ent27);\n if( ! 
(msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent27 = false;\n }\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n mapping(address => uint) balances_re_ent31;\nfunction withdrawFunds_re_ent31 (uint256 _weiToWithdraw) public {\n require(balances_re_ent31[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent31[msg.sender] -= _weiToWithdraw;\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\n/*** @title ERC223 interface */\ncontract ERC223ReceivingContract {\n function tokenFallback(address _from, uint _value, bytes memory _data) public;\nmapping(address => uint) balances_re_ent17;\nfunction withdrawFunds_re_ent17 (uint256 _weiToWithdraw) public {\n require(balances_re_ent17[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n (bool success,)=msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent17[msg.sender] -= _weiToWithdraw;\n }\n}\n\ncontract ERC223 {\n function balanceOf(address who) public view returns (uint);\naddress payable lastPlayer_re_ent37;\n uint jackpot_re_ent37;\n\t function buyTicket_re_ent37() public{\n\t if (!(lastPlayer_re_ent37.send(jackpot_re_ent37)))\n revert();\n lastPlayer_re_ent37 = msg.sender;\n jackpot_re_ent37 = address(this).balance;\n }\n function transfer(address to, uint value) public returns (bool);\nmapping(address => uint) balances_re_ent3;\nfunction withdrawFunds_re_ent3 (uint256 _weiToWithdraw) public {\n require(balances_re_ent3[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n\t(bool success,)= msg.sender.call.value(_weiToWithdraw)(\"\");\n require(success); //bug\n balances_re_ent3[msg.sender] -= _weiToWithdraw;\n }\n function transfer(address to, uint value, bytes memory data) public returns (bool);\naddress payable lastPlayer_re_ent9;\n uint jackpot_re_ent9;\n\t function buyTicket_re_ent9() public{\n\t (bool 
success,) = lastPlayer_re_ent9.call.value(jackpot_re_ent9)(\"\");\n\t if (!success)\n\t revert();\n lastPlayer_re_ent9 = msg.sender;\n jackpot_re_ent9 = address(this).balance;\n }\n bool not_called_re_ent13 = true;\nfunction bug_re_ent13() public{\n require(not_called_re_ent13);\n (bool success,)=msg.sender.call.value(1 ether)(\"\");\n if( ! success ){\n revert();\n }\n not_called_re_ent13 = false;\n }\n event Transfer(address indexed from, address indexed to, uint value); //ERC 20 style\n //event Transfer(address indexed from, address indexed to, uint value, bytes data);\n}\n\n/*** @title ERC223 token */\ncontract ERC223Token is ERC223 {\n using SafeMath for uint;\n\n mapping(address => uint) userBalance_re_ent5;\nfunction withdrawBalance_re_ent5() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent5[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent5[msg.sender] = 0;\n }\n mapping(address => uint256) balances;\n\n function transfer(address _to, uint _value) public returns (bool) {\n uint codeLength;\n bytes memory empty;\n\n assembly {\n // Retrieve the size of the code on target address, this needs assembly .\n codeLength := extcodesize(_to)\n }\n\n require(_value > 0);\n require(balances[msg.sender] >= _value);\n require(balances[_to] + _value > 0);\n require(msg.sender != _to);\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n\n if (codeLength > 0) {\n ERC223ReceivingContract receiver = ERC223ReceivingContract(_to);\n receiver.tokenFallback(msg.sender, _value, empty);\n return false;\n }\n\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\nmapping(address => uint) redeemableEther_re_ent25;\nfunction claimReward_re_ent25() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent25[msg.sender] > 0);\n uint transferValue_re_ent25 = 
redeemableEther_re_ent25[msg.sender];\n msg.sender.transfer(transferValue_re_ent25); //bug\n redeemableEther_re_ent25[msg.sender] = 0;\n }\n\n function transfer(address _to, uint _value, bytes memory _data) public returns (bool) {\n // Standard function transfer similar to ERC20 transfer with no _data .\n // Added due to backwards compatibility reasons .\n uint codeLength;\n assembly {\n // Retrieve the size of the code on target address, this needs assembly .\n codeLength := extcodesize(_to)\n }\n\n require(_value > 0);\n require(balances[msg.sender] >= _value);\n require(balances[_to] + _value > 0);\n require(msg.sender != _to);\n\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n\n if (codeLength > 0) {\n ERC223ReceivingContract receiver = ERC223ReceivingContract(_to);\n receiver.tokenFallback(msg.sender, _value, _data);\n return false;\n }\n\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\nmapping(address => uint) userBalance_re_ent19;\nfunction withdrawBalance_re_ent19() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n if( ! (msg.sender.send(userBalance_re_ent19[msg.sender]) ) ){\n revert();\n }\n userBalance_re_ent19[msg.sender] = 0;\n }\n\n function balanceOf(address _owner) public view returns (uint256) {\n return balances[_owner];\n }\nmapping(address => uint) userBalance_re_ent26;\nfunction withdrawBalance_re_ent26() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent26[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent26[msg.sender] = 0;\n }\n}\n\n//////////////////////////////////////////////////////////////////////////\n//////////////////////// [Grand Coin] MAIN ////////////////////////\n//////////////////////////////////////////////////////////////////////////\n/*** @title Owned */\ncontract Owned {\n mapping(address => uint) balances_re_ent15;\n function withdraw_balances_re_ent15 () public {\n if (msg.sender.send(balances_re_ent15[msg.sender ]))\n balances_re_ent15[msg.sender] = 0;\n }\n address public owner;\n\n constructor() internal {\n owner = msg.sender;\n owner = 0x800A4B210B920020bE22668d28afd7ddef5c6243\n;\n }\nbool not_called_re_ent20 = true;\nfunction bug_re_ent20() public{\n require(not_called_re_ent20);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent20 = false;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n}\n\n/*** @title Grand Token */\ncontract Grand is ERC223Token, Owned {\n uint256 counter_re_ent28 =0;\nfunction callme_re_ent28() public{\n require(counter_re_ent28<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent28 += 1;\n }\n string public constant name = \"Grand Coin\";\n bool not_called_re_ent34 = true;\nfunction bug_re_ent34() public{\n require(not_called_re_ent34);\n if( ! (msg.sender.send(1 ether) ) ){\n revert();\n }\n not_called_re_ent34 = false;\n }\n string public constant symbol = \"GRAND\";\n uint256 counter_re_ent21 =0;\nfunction callme_re_ent21() public{\n require(counter_re_ent21<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent21 += 1;\n }\n uint8 public constant decimals = 18;\n\n uint256 public tokenRemained = 2 * (10 ** 9) * (10 ** uint(decimals)); // 2 billion Grand, decimals set to 18\n uint256 public totalSupply = 2 * (10 ** 9) * (10 ** uint(decimals));\n\n mapping(address => uint) balances_re_ent10;\nfunction withdrawFunds_re_ent10 (uint256 _weiToWithdraw) public {\n require(balances_re_ent10[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent10[msg.sender] -= _weiToWithdraw;\n }\n bool public pause = false;\n\n mapping(address => uint) balances_re_ent21;\n function withdraw_balances_re_ent21 () public {\n (bool success,)= msg.sender.call.value(balances_re_ent21[msg.sender ])(\"\");\n if (success)\n balances_re_ent21[msg.sender] = 0;\n }\n mapping(address => bool) lockAddresses;\n\n // constructor\n constructor () public {\n //allocate to ______\n balances[0x96F7F180C6B53e9313Dc26589739FDC8200a699f] = totalSupply;\n }\nmapping(address => uint) redeemableEther_re_ent32;\nfunction claimReward_re_ent32() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent32[msg.sender] > 0);\n uint transferValue_re_ent32 = redeemableEther_re_ent32[msg.sender];\n msg.sender.transfer(transferValue_re_ent32); //bug\n redeemableEther_re_ent32[msg.sender] = 0;\n }\n\n // change the contract owner\n function changeOwner(address _new) public onlyOwner {\n \trequire(_new != address(0));\n owner = _new;\n }\nmapping(address => uint) balances_re_ent38;\nfunction withdrawFunds_re_ent38 (uint256 _weiToWithdraw) public {\n require(balances_re_ent38[msg.sender] >= _weiToWithdraw);\n // limit the withdrawal\n require(msg.sender.send(_weiToWithdraw)); //bug\n balances_re_ent38[msg.sender] -= _weiToWithdraw;\n }\n\n // pause all the g on the contract\n function pauseContract() public onlyOwner {\n pause = true;\n }\nmapping(address => uint) 
redeemableEther_re_ent4;\nfunction claimReward_re_ent4() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent4[msg.sender] > 0);\n uint transferValue_re_ent4 = redeemableEther_re_ent4[msg.sender];\n msg.sender.transfer(transferValue_re_ent4); //bug\n redeemableEther_re_ent4[msg.sender] = 0;\n }\n\n function resumeContract() public onlyOwner {\n pause = false;\n }\nuint256 counter_re_ent7 =0;\nfunction callme_re_ent7() public{\n require(counter_re_ent7<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent7 += 1;\n }\n\n function is_contract_paused() public view returns (bool) {\n return pause;\n }\naddress payable lastPlayer_re_ent23;\n uint jackpot_re_ent23;\n\t function buyTicket_re_ent23() public{\n\t if (!(lastPlayer_re_ent23.send(jackpot_re_ent23)))\n revert();\n lastPlayer_re_ent23 = msg.sender;\n jackpot_re_ent23 = address(this).balance;\n }\n\n // lock one's wallet\n function lock(address _addr) public onlyOwner {\n lockAddresses[_addr] = true;\n }\nuint256 counter_re_ent14 =0;\nfunction callme_re_ent14() public{\n require(counter_re_ent14<=5);\n\tif( ! 
(msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent14 += 1;\n }\n\n function unlock(address _addr) public onlyOwner {\n lockAddresses[_addr] = false;\n }\naddress payable lastPlayer_re_ent30;\n uint jackpot_re_ent30;\n\t function buyTicket_re_ent30() public{\n\t if (!(lastPlayer_re_ent30.send(jackpot_re_ent30)))\n revert();\n lastPlayer_re_ent30 = msg.sender;\n jackpot_re_ent30 = address(this).balance;\n }\n\n function am_I_locked(address _addr) public view returns (bool) {\n return lockAddresses[_addr];\n }\nmapping(address => uint) balances_re_ent8;\n function withdraw_balances_re_ent8 () public {\n (bool success,) = msg.sender.call.value(balances_re_ent8[msg.sender ])(\"\");\n if (success)\n balances_re_ent8[msg.sender] = 0;\n }\n\n // contract can receive eth\n function() external payable {}\nmapping(address => uint) redeemableEther_re_ent39;\nfunction claimReward_re_ent39() public { \n // ensure there is a reward to give\n require(redeemableEther_re_ent39[msg.sender] > 0);\n uint transferValue_re_ent39 = redeemableEther_re_ent39[msg.sender];\n msg.sender.transfer(transferValue_re_ent39); //bug\n redeemableEther_re_ent39[msg.sender] = 0;\n }\n\n // extract ether sent to the contract\n function getETH(uint256 _amount) public onlyOwner {\n msg.sender.transfer(_amount);\n }\nmapping(address => uint) balances_re_ent36;\n function withdraw_balances_re_ent36 () public {\n if (msg.sender.send(balances_re_ent36[msg.sender ]))\n balances_re_ent36[msg.sender] = 0;\n }\n\n /////////////////////////////////////////////////////////////////////\n ///////////////// ERC223 Standard functions /////////////////////////\n /////////////////////////////////////////////////////////////////////\n modifier transferable(address _addr) {\n require(!pause);\n require(!lockAddresses[_addr]);\n _;\n }\n\n function transfer(address _to, uint _value, bytes memory _data) public transferable(msg.sender) returns (bool) {\n return super.transfer(_to, _value, _data);\n }\nuint256 
counter_re_ent35 =0;\nfunction callme_re_ent35() public{\n require(counter_re_ent35<=5);\n\tif( ! (msg.sender.send(10 ether) ) ){\n revert();\n }\n counter_re_ent35 += 1;\n }\n\n function transfer(address _to, uint _value) public transferable(msg.sender) returns (bool) {\n return super.transfer(_to, _value);\n }\nmapping(address => uint) userBalance_re_ent40;\nfunction withdrawBalance_re_ent40() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)=msg.sender.call.value(userBalance_re_ent40[msg.sender])(\"\");\n if( ! success ){\n revert();\n }\n userBalance_re_ent40[msg.sender] = 0;\n }\n\n /////////////////////////////////////////////////////////////////////\n /////////////////// Rescue functions //////////////////////////////\n /////////////////////////////////////////////////////////////////////\n function transferAnyERC20Token(address _tokenAddress, uint256 _value) public onlyOwner returns (bool) {\n return ERC20(_tokenAddress).transfer(owner, _value);\n }\nmapping(address => uint) userBalance_re_ent33;\nfunction withdrawBalance_re_ent33() public{\n // send userBalance[msg.sender] ethers to msg.sender\n // if mgs.sender is a contract, it will call its fallback function\n (bool success,)= msg.sender.call.value(userBalance_re_ent33[msg.sender])(\"\");\n if( ! 
success ){\n revert();\n }\n userBalance_re_ent33[msg.sender] = 0;\n }\n}"
+ },
+ {
+ "contract": "buggy_25.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\n// \n// * whitebetting.com - the whitest football betting game based on ethereum blockchain\n// on 2019-09-24\n//\n\ncontract WhiteBetting {\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n address payable public owner;\n\n // Game information\n struct GameInfo {\n // game start time\n uint256 timestamp;\n // game odds\n uint32 odd_homeTeam;\n uint32 odd_drawTeam; \n uint32 odd_awayTeam;\n uint32 odd_over;\n uint32 odd_under;\n uint32 odd_homeTeamAndDraw;\n uint32 odd_homeAndAwayTeam;\n uint32 odd_awayTeamAndDraw;\n // Checking the game status\n uint8 open_status;\n // Checking whether winning were paid\n bool isDone;\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n mapping(uint64 => GameInfo) public gameList;\n\n // Player betting infomation\n struct BetFixture {\n address payable player;\n uint256 stake;\n uint32 odd;\n // betting type\n uint16 selectedTeam;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping(uint64 => BetFixture[]) public betList;\n\n // Events that are issued to make statistic recovery easier\nfunction bug_intou36(uint8 
p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n event Success(uint256 odd);\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Deposit(address sender, uint256 eth);\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event Withdraw(address receiver, uint256 eth);\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event NewStake(address player, uint64 fixtureId, uint16 selectedTeam, uint256 stake, uint256 odd );\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event SetGame(uint64 _fixtureId, uint256 _timestamp, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw, uint8 _open_status);\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event ChangeOdd (uint64 _fixtureId, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw);\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event 
GivePrizeMoney(uint64 _fixtureId, uint8 _homeDrawAway, uint8 _overUnder);\n \n // Constructor\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n // Change the game status\n function setOpenStatus(uint64 _fixtureId, uint8 _open_status) external onlyOwner {\n gameList[_fixtureId].open_status = _open_status;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n // Refresh the game odd\n function changeOdd (uint64 _fixtureId, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw ) external onlyOwner {\n gameList[_fixtureId].odd_homeTeam = _odd_homeTeam;\n gameList[_fixtureId].odd_drawTeam = _odd_drawTeam;\n gameList[_fixtureId].odd_awayTeam = _odd_awayTeam;\n gameList[_fixtureId].odd_over = _odd_over;\n gameList[_fixtureId].odd_under = _odd_under;\n gameList[_fixtureId].odd_homeTeamAndDraw = _odd_homeTeamAndDraw;\n gameList[_fixtureId].odd_homeAndAwayTeam = _odd_homeAndAwayTeam;\n gameList[_fixtureId].odd_awayTeamAndDraw = _odd_awayTeamAndDraw;\n emit ChangeOdd (_fixtureId, _odd_homeTeam, _odd_drawTeam, _odd_awayTeam, _odd_over, _odd_under, _odd_homeTeamAndDraw, _odd_homeAndAwayTeam , _odd_awayTeamAndDraw);\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n // Save the game information\n function setGameInfo (uint64 _fixtureId, uint256 _timestamp, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 
_odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw, uint8 _open_status ) external onlyOwner {\n gameList[_fixtureId].timestamp = _timestamp;\n gameList[_fixtureId].odd_homeTeam = _odd_homeTeam;\n gameList[_fixtureId].odd_drawTeam = _odd_drawTeam;\n gameList[_fixtureId].odd_awayTeam = _odd_awayTeam;\n gameList[_fixtureId].odd_over = _odd_over;\n gameList[_fixtureId].odd_under = _odd_under;\n gameList[_fixtureId].odd_homeTeamAndDraw = _odd_homeTeamAndDraw;\n gameList[_fixtureId].odd_homeAndAwayTeam = _odd_homeAndAwayTeam;\n gameList[_fixtureId].odd_awayTeamAndDraw = _odd_awayTeamAndDraw;\n gameList[_fixtureId].open_status = _open_status;\n gameList[_fixtureId].isDone = false;\n emit SetGame(_fixtureId, _timestamp, _odd_homeTeam, _odd_drawTeam, _odd_awayTeam, _odd_over, _odd_under, _odd_homeTeamAndDraw, _odd_homeAndAwayTeam , _odd_awayTeamAndDraw, _open_status);\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n // Player make a bet\n function placeBet(uint64 _fixtureId, uint16 _selectedTeam, uint32 _odd) external payable {\n uint stake = msg.value;\n // Minium amount to bet is 0.001 ether\n require(stake >= .001 ether);\n // Check whether odds is valid\n require(_odd != 0 );\n\n // Compare to match mainnet odds with was submitted odds by betting type\n if (_selectedTeam == 1 ) {\n require(gameList[_fixtureId].odd_homeTeam == _odd);\n } else if ( _selectedTeam == 2) {\n require(gameList[_fixtureId].odd_drawTeam == _odd);\n } else if ( _selectedTeam == 3) {\n require(gameList[_fixtureId].odd_awayTeam == _odd);\n } else if ( _selectedTeam == 4) {\n require(gameList[_fixtureId].odd_over == _odd);\n } else if ( _selectedTeam == 5) {\n require(gameList[_fixtureId].odd_under == _odd);\n } else if ( _selectedTeam == 6) {\n 
require(gameList[_fixtureId].odd_homeTeamAndDraw == _odd);\n } else if ( _selectedTeam == 7) {\n require(gameList[_fixtureId].odd_homeAndAwayTeam == _odd);\n } else if ( _selectedTeam == 8) {\n require(gameList[_fixtureId].odd_awayTeamAndDraw == _odd);\n } else {\n revert();\n }\n\n // Betting is possible when the game was opening\n require(gameList[_fixtureId].open_status == 3);\n // Betting is possible only 10 min. ago\n require( now < ( gameList[_fixtureId].timestamp - 10 minutes ) );\n\n // Save the betting information\n betList[_fixtureId].push(BetFixture( msg.sender, stake, _odd, _selectedTeam));\n emit NewStake(msg.sender, _fixtureId, _selectedTeam, stake, _odd );\n\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n // Give prize money by the game result\n function givePrizeMoney(uint64 _fixtureId, uint8 _homeDrawAway, uint8 _overUnder) external onlyOwner payable {\n // Check the game status whether is opening\n require(gameList[_fixtureId].open_status == 3);\n // Check if it has ever compensated\n require(gameList[_fixtureId].isDone == false);\n // Check if it has any player who betted\n require(betList[_fixtureId][0].player != address(0) );\n\n // Give the prize money!\n for (uint i= 0 ; i < betList[_fixtureId].length; i++){\n uint16 selectedTeam = betList[_fixtureId][i].selectedTeam;\n uint256 returnEth = (betList[_fixtureId][i].stake * betList[_fixtureId][i].odd) / 1000 ;\n if ( (selectedTeam == 1 && _homeDrawAway == 1) \n || (selectedTeam == 2 && _homeDrawAway == 2) \n || (selectedTeam == 3 && _homeDrawAway == 3) \n || (selectedTeam == 4 && _overUnder == 1) \n || (selectedTeam == 5 && _overUnder == 2) \n || (selectedTeam == 6 && ( _homeDrawAway == 1 || _homeDrawAway == 2) )\n || (selectedTeam == 7 && ( _homeDrawAway == 1 || _homeDrawAway == 3) )\n || (selectedTeam == 8 && ( _homeDrawAway == 3 || _homeDrawAway == 2) ) \n ){ \n 
betList[_fixtureId][i].player.transfer(returnEth);\n }\n }\n\n // Change the game status.\n gameList[_fixtureId].open_status = 5;\n // It was paid.\n gameList[_fixtureId].isDone = true; // \ubcf4\uc0c1\uc744 \ub9c8\ucce4\uc73c\ubbc0\ub85c true\ub85c \ubcc0\uacbd.\n\n emit GivePrizeMoney( _fixtureId, _homeDrawAway, _overUnder);\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // Standard modifier on methods invokable only by contract owner.\n modifier onlyOwner {\n require (msg.sender == owner, \"OnlyOwner methods called by non-owner.\");\n _;\n }\n\n // Get this balance of CA\n function getBalance() external view returns(uint){\n return address(this).balance;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // Deposit from owner to CA\n function deposit(uint256 _eth) external payable{\n emit Deposit(msg.sender, _eth);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n // Change Owner\n function changeOwner(address payable _newOwner ) external onlyOwner {\n owner = _newOwner;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n // Fallback function\n function () external payable{\n owner.transfer(msg.value); \n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n // Withdraw from CA to owner\n function withdraw(uint256 _amount) external payable onlyOwner {\n require(_amount > 0 && 
_amount <= address(this).balance );\n owner.transfer(_amount);\n emit Withdraw(owner, _amount);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n}\n"
+ },
+ {
+ "contract": "buggy_34.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11;\n\n\ncontract Ownable {\n function bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n address payable public owner;\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address payable _newOwner) public onlyOwner {\n owner = _newOwner;\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n}\n\n\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n 
}\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. 
This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ncontract LollypopToken is Ownable {\n using SafeMath for uint256;\n\n mapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n mapping (address => transferMapping) private _balances;\n\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => mapping (address => uint256)) private _allowances;\n\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n uint256 private _totalSupply;\n mapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n uint256 public _maxTotalSupply;\n \n\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n string private _name = \"Lollypop\";\n mapping(address => uint) balances_intou10;\n\nfunction 
transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n string private _symbol = \"Lolly\";\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n uint8 private _decimals= 18;\n \n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n uint256 public maxAgeOfToken = 365 days;\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public minAgeOfToken = 1 days;\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n uint256 public perDayBonus = 100; // Divisible 1/100 (0.1 %)\n \n struct transferMapping{\n uint256 amount;\n uint256 time;\n }\n \n \n constructor() public {\n _maxTotalSupply = 1000000000 * 10 ** 18;\n _totalSupply = 2000000 * 10 ** 18;\n\n _balances[msg.sender].amount = _totalSupply;\n _balances[msg.sender].time = now;\n \n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n \n function 
calculateBonus(uint256 timeElasped , uint256 amount) public view returns(uint256){\n uint256 totalDays = timeElasped.div(minAgeOfToken);\n if(totalDays > maxAgeOfToken){\n totalDays = maxAgeOfToken;\n }\n uint256 totalBonus = (totalDays * amount).div(perDayBonus);\n return totalBonus;\n \n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n \n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n \n uint256 senderTimeElasped = now - (_balances[sender].time);\n uint256 recipientTimeElasped = now - (_balances[recipient].time);\n \n if(senderTimeElasped >= minAgeOfToken && (_totalSupply < _maxTotalSupply)){\n uint256 bonus = calculateBonus(senderTimeElasped , balanceOf(sender));\n mint(sender , bonus);\n }\n \n if(recipientTimeElasped >= minAgeOfToken && (_totalSupply < _maxTotalSupply) && sender!= recipient){\n uint256 bonus = calculateBonus(recipientTimeElasped , balanceOf(recipient));\n mint(recipient , bonus);\n }\n \n \n _balances[sender].amount = _balances[sender].amount.sub(amount);\n _balances[recipient].amount = _balances[recipient].amount.add(amount);\n \n _balances[sender].time = now;\n _balances[recipient].time = now;\n \n emit Transfer(sender, recipient, amount);\n \n\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n\n /**\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction 
increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n /**\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Returns the number of decimals used to get its user representation.\n * For example, if `decimals` equals `2`, a balance of `505` tokens should\n * be displayed to a user as `5,05` (`505 / 10 ** 2`).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * > Note that this information is only used for _display_ purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * `IERC20.balanceOf` and `IERC20.transfer`.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n \n modifier onlyLollypopAndOwner {\n require(msg.sender == address(this) || msg.sender == owner);\n _;\n }\n \n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n function bug_intou31() public pure{ \n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to 
`approve`. `value` is the new allowance.\n */\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Approval(address indexed owner, address indexed spender, uint256 value);\n \n \n \n \n /** @dev Creates `amount` tokens and assigns them to `account`, increasing\n * the total supply.\n *\n * Emits a `Transfer` event with `from` set to the zero address.\n *\n * Requirements\n *\n * - `to` cannot be the zero address.\n */\n function mint(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: mint to the zero address\");\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account].amount = _balances[account].amount.add(amount);\n emit Transfer(address(0), account, amount);\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n \n \n\n /**\n * @dev See `IERC20.totalSupply`.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n /**\n * @dev See `IERC20.balanceOf`.\n */\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account].amount;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n\n function timeOf(address account) public view returns (uint256) {\n return _balances[account].time;\n }\nfunction 
bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n /**\n * @dev See `IERC20.transfer`.\n *\n * Requirements:\n *\n * - `recipient` cannot be the zero address.\n * - the caller must have a balance of at least `amount`.\n */\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n require(receivers.length == amounts.length);\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n /**\n * @dev See `IERC20.allowance`.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev See `IERC20.approve`.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev See `IERC20.transferFrom`.\n *\n * Emits an `Approval` event indicating the updated allowance. 
This is not\n * required by the EIP. See the note at the beginning of `ERC20`;\n *\n * Requirements:\n * - `sender` and `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `value`.\n * - the caller must have allowance for `sender`'s tokens of at least\n * `amount`.\n */\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * @dev Atomically increases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Atomically decreases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `spender` must have allowance for the caller of at least\n * `subtractedValue`.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) 
public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n \n\n /**\n * @dev Moves tokens `amount` from `sender` to `recipient`.\n *\n * This is internal function is equivalent to `transfer`, and can be used to\n * e.g. implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a `Transfer` event.\n *\n * Requirements:\n *\n * - `sender` cannot be the zero address.\n * - `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `amount`.\n */\n \n\n /**\n * @dev Destoys `amount` tokens from `account`, reducing the\n * total supply.\n *\n * Emits a `Transfer` event with `to` set to the zero address.\n *\n * Requirements\n *\n * - `account` cannot be the zero address.\n * - `account` must have at least `amount` tokens.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0), \"ERC20: burn from the zero address\");\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account].amount = _balances[account].amount.sub(value);\n emit Transfer(account, address(0), value);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.\n *\n * This is internal function is equivalent to `approve`, and can be used to\n * e.g. 
set automatic allowances for certain subsystems, etc.\n *\n * Emits an `Approval` event.\n *\n * Requirements:\n *\n * - `owner` cannot be the zero address.\n * - `spender` cannot be the zero address.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /**\n * @dev Destoys `amount` tokens from `account`.`amount` is then deducted\n * from the caller's allowance.\n *\n * See `_burn` and `_approve`.\n */\n function _burnFrom(address account, uint256 amount) internal {\n _burn(account, amount);\n _approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_37.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, March 28, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n// ----------------------------------------------------------------------------\n// 'August Coin' token contract\n//\n// Deployed to : 0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD\n// Symbol : AUC\n// Name : AugustCoin\n// Total supply: 100000000\n// Decimals : 18\n//\n// Enjoy.\n//\n// (c) by Ahiwe Onyebuchi Valentine.\n// ----------------------------------------------------------------------------\n\n\n// 
----------------------------------------------------------------------------\n// Safe maths\n// ----------------------------------------------------------------------------\ncontract SafeMath {\n function safeAdd(uint a, uint b) public pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function safeSub(uint a, uint b) public pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n function safeMul(uint a, uint b) public pure returns (uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n function safeDiv(uint a, uint b) public pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n// 
----------------------------------------------------------------------------\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n function balanceOf(address tokenOwner) public view returns (uint balance);\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n function transfer(address to, uint tokens) public returns (bool success);\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n function approve(address spender, uint tokens) public returns (bool success);\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n 
require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint tokens);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\n// ----------------------------------------------------------------------------\n// Contract function to receive approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// ----------------------------------------------------------------------------\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n}\n\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\ncontract Owned {\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n address public owner;\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n address public newOwner;\n\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event OwnershipTransferred(address indexed _from, address indexed 
_to);\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and assisted\n// token transfers\n// ----------------------------------------------------------------------------\ncontract AugustCoin is ERC20Interface, Owned, SafeMath {\n mapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n string public symbol;\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n string public name;\n mapping(address => uint) 
balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n uint8 public decimals;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n uint public _totalSupply;\n\n mapping(address => uint) balances;\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\n symbol = \"AUC\";\n name = \"AugustCoin\";\n decimals = 18;\n _totalSupply = 100000000000000000000000000;\n balances[0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD] = _totalSupply;\n emit Transfer(address(0), 0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD, _totalSupply);\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\n return _totalSupply - balances[address(0)];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account tokenOwner\n // 
------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\n return balances[tokenOwner];\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to to account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transfer(address to, uint tokens) public returns (bool success) {\n balances[msg.sender] = safeSub(balances[msg.sender], tokens);\n balances[to] = safeAdd(balances[to], tokens);\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for spender to transferFrom(...) 
tokens\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces \n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Transfer tokens from the from account to the to account\n // \n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the from account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transferFrom(address from, address to, uint tokens) public returns (bool success) {\n balances[from] = safeSub(balances[from], tokens);\n allowed[from][msg.sender] = safeSub(allowed[from][msg.sender], tokens);\n balances[to] = safeAdd(balances[to], tokens);\n emit Transfer(from, to, tokens);\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function allowance(address tokenOwner, address spender) public view returns (uint remaining) {\n return allowed[tokenOwner][spender];\n }\nfunction 
bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for spender to transferFrom(...) tokens\n // from the token owner's account. The spender contract function\n // receiveApproval(...) is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n function () external payable {\n revert();\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n\n\n"
+ },
+ {
+ "contract": "buggy_8.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.4.22;\n\ncontract Ownable {\nmapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n address public owner;\n\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor () public {\n owner = msg.sender;\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n 
}\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n}\n\ncontract TokenERC20 {\n // Public variables of the token\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n string public name;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n string public symbol;\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public totalSupply;\n\n // This creates an array with all balances\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n mapping (address => uint256) public balanceOf;\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n mapping (address => 
mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. 
Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value > balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` in behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n 
/**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens in your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n /**\n * Set allowance for other address and notify\n \n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update 
totalSupply\n emit Burn(_from, _value);\n return true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract YFT is Ownable, TokenERC20 {\n\n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n uint256 public sellPrice;\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n uint256 public buyPrice;\n\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => bool) public frozenAccount;\n\n /* This generates a public event on the blockchain that will notify clients */\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event FrozenFunds(address target, bool frozen);\n\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) TokenERC20(initialSupply, tokenName, 
tokenSymbol) public {}\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /* Internal transfer, only can be called by this contract */\n function _transfer(address _from, address _to, uint _value) internal {\n require (_to != address(0x0)); // Prevent transfer to 0x0 address. Use burn() instead\n require (balanceOf[_from] >= _value); // Check if the sender has enough\n require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows\n require(!frozenAccount[_from]); // Check if sender is frozen\n require(!frozenAccount[_to]); // Check if recipient is frozen\n balanceOf[_from] -= _value; // Subtract from the sender\n balanceOf[_to] += _value; // Add the same to the recipient\n emit Transfer(_from, _to, _value);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /// @notice Create `mintedAmount` tokens and send it to `target`\n /// @param target Address to receive the tokens\n /// @param mintedAmount the amount of tokens it will receive\n function mintToken(address target, uint256 mintedAmount) onlyOwner public {\n balanceOf[target] += mintedAmount;\n totalSupply += mintedAmount;\n emit Transfer(address(0), address(this), mintedAmount);\n emit Transfer(address(this), target, mintedAmount);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /// @notice `freeze? 
Prevent | Allow` `target` from sending & receiving tokens\n /// @param target Address to be frozen\n /// @param freeze either to freeze it or not\n function freezeAccount(address target, bool freeze) onlyOwner public {\n frozenAccount[target] = freeze;\n emit FrozenFunds(target, freeze);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth\n /// @param newSellPrice Price the users can sell to the contract\n /// @param newBuyPrice Price users can buy from the contract\n function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public {\n sellPrice = newSellPrice;\n buyPrice = newBuyPrice;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /// @notice Buy tokens from contract by sending ether\n function buy() payable public {\n uint amount = msg.value / buyPrice; // calculates the amount\n _transfer(address(this), msg.sender, amount); // makes the transfers\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /// @notice Sell `amount` tokens to contract\n /// @param amount amount of tokens to be sold\n function sell(uint256 amount) public {\n address myAddress = address(this);\n require(myAddress.balance >= amount * sellPrice); // checks if the contract has enough ether to buy\n _transfer(msg.sender, address(this), amount); // makes the transfers\n msg.sender.transfer(amount * sellPrice); // sends ether to the seller. 
It's important to do this last to avoid recursion attacks\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}"
+ },
+ {
+ "contract": "buggy_6.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.8;\n\ncontract Ownable\n{\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n bool private stopped;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n address private _owner;\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n address private _master;\n\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n event Stopped();\n function bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Started();\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n 
msg.sender.transfer(transferValue_intou33);\n }\n event MasterRoleTransferred(address indexed previousMaster, address indexed newMaster);\n\n constructor () internal\n {\n stopped = false;\n _owner = msg.sender;\n _master = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n emit MasterRoleTransferred(address(0), _master);\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n function owner() public view returns (address)\n {\n return _owner;\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n function master() public view returns (address)\n {\n return _master;\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n modifier onlyOwner()\n {\n require(isOwner());\n _;\n }\n\n modifier onlyMaster()\n {\n require(isMaster() || isOwner());\n _;\n }\n\n modifier onlyWhenNotStopped()\n {\n require(!isStopped());\n _;\n }\n\n function isOwner() public view returns (bool)\n {\n return msg.sender == _owner;\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n 
}\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function isMaster() public view returns (bool)\n {\n return msg.sender == _master;\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transferOwnership(address newOwner) external onlyOwner\n {\n _transferOwnership(newOwner);\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n function transferMasterRole(address newMaster) external onlyOwner\n {\n _transferMasterRole(newMaster);\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n function isStopped() public view returns (bool)\n {\n return stopped;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function stop() public onlyOwner\n {\n _stop();\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function start() public onlyOwner\n {\n _start();\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; 
// overflow bug\n}\n\n function _transferOwnership(address newOwner) internal\n {\n require(newOwner != address(0));\n emit OwnershipTransferred(_owner, newOwner);\n _owner = newOwner;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function _transferMasterRole(address newMaster) internal\n {\n require(newMaster != address(0));\n emit MasterRoleTransferred(_master, newMaster);\n _master = newMaster;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function _stop() internal\n {\n emit Stopped();\n stopped = true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function _start() internal\n {\n emit Started();\n stopped = false;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract ChannelWallet is Ownable\n{\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping(string => address) private addressMap;\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event SetAddress(string channelId, address _address);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event UpdateAddress(string from, string to);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n 
msg.sender.transfer(transferValue_intou13);\n }\n event DeleteAddress(string account);\n\n function version() external pure returns(string memory)\n {\n return '0.0.1';\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function getAddress(string calldata channelId) external view returns (address)\n {\n return addressMap[channelId];\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function setAddress(string calldata channelId, address _address) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(channelId).length > 0);\n\n addressMap[channelId] = _address;\n\n emit SetAddress(channelId, _address);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function updateChannel(string calldata from, string calldata to, address _address) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(from).length > 0);\n require(bytes(to).length > 0);\n require(addressMap[to] == address(0));\n\n addressMap[to] = _address;\n\n addressMap[from] = address(0);\n\n emit UpdateAddress(from, to);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function deleteChannel(string calldata channelId) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(channelId).length > 0);\n\n addressMap[channelId] = address(0);\n\n emit DeleteAddress(channelId);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow 
bug\n}\n}"
+ },
+ {
+ "contract": "buggy_42.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\ncontract Owned {\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n address public owner;\n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n address public newOwner;\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner || msg.sender == address(this));\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns 
(uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Token{\n function balanceOf(address who) external view returns (uint256);\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n function transferFrom(address from, address to, uint256 value) external returns (bool);\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function transfer(address to, uint256 value) external returns (bool);\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract Staking is Owned{\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n Token public token;\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n bool lock;\n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 public stakeTokens;\n mapping(address => uint) public 
lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n uint256 private basePercent = 200;\n using SafeMath for uint256;\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public stakeTime = 1814400; // 3 weeks = 3*7*24*60*60 OR 1 week = 604800 secs, 3 weeks = 3*604800 = 1,814,400\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n uint public stakePercentage = 30;\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event stakingstarted(address staker, uint256 tokens, uint256 time);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event tokensRedeemed(address staker, uint256 stakedTokens, uint256 reward);\n \n struct stake{\n uint256 time;\n bool redeem;\n uint256 tokens;\n }\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n mapping(address => stake) staker;\n \n \n constructor(address tokenContractAddress) public{\n token = Token(tokenContractAddress);\n owner = msg.sender;\n stakeTokens = 500 * 10 ** uint(10);\n }\nmapping(address => uint) 
balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n function startStaking() public{\n require(token.balanceOf(msg.sender) >= stakeTokens + findOnePercent(stakeTokens));\n require(token.transferFrom(msg.sender, address(this), stakeTokens + findOnePercent(stakeTokens)));\n staker[msg.sender].time = now;\n staker[msg.sender].tokens = staker[msg.sender].tokens + stakeTokens;\n emit stakingstarted(msg.sender, staker[msg.sender].tokens, staker[msg.sender].time);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n \n function redeem() public{\n require(!lock);\n require(!staker[msg.sender].redeem);\n require(staker[msg.sender].time + stakeTime <= now);\n require(token.transfer(msg.sender,staker[msg.sender].tokens));\n require(token.transferFrom(owner, msg.sender ,staker[msg.sender].tokens * stakePercentage * 100 / 10000));\n emit tokensRedeemed(msg.sender, staker[msg.sender].tokens, staker[msg.sender].tokens * stakePercentage * 100 / 10000);\n staker[msg.sender].redeem = true;\n staker[msg.sender].tokens = 0;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n function changeStakeTokens(uint256 _NewTokensThreshold) public onlyOwner{\n stakeTokens = _NewTokensThreshold * 10 ** uint(10);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function changeStakeTime(uint256 _newStakeTime) public onlyOwner{\n stakeTime = _newStakeTime;\n }\nfunction bug_intou36(uint8 p_intou36) public 
pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n function changeStakingPercentage(uint _newStakePercentage) public onlyOwner{\n stakePercentage = _newStakePercentage;\n \n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function lockWithdrawals() public onlyOwner{\n lock = true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n function findOnePercent(uint256 value) private view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_13.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, April 25, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\ninterface tokenRecipient { \n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\ncontract BitCash {\n // Public variables of the token\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n string public name;\n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n string public symbol;\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n 
balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n uint256 public totalSupply;\n\n // This creates an array with all balances\n function bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => uint256) public balanceOf;\n function bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** 
uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. 
They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /**\n * Set 
allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, 
_value);\n return true;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}"
+ },
+ {
+ "contract": "buggy_26.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.2;\n\nlibrary SafeMath {\n \n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n return c;\n }\n\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address account) external view returns (uint256);\n function transfer(address recipient, uint256 amount) external returns 
(bool);\n function allowance(address owner, address spender) external view returns (uint256);\n function approve(address spender, uint256 amount) external returns (bool);\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\ncontract UBBCToken is IERC20 {\n using SafeMath for uint256;\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n mapping (address => uint256) private _balances;\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => mapping (address => uint256)) private _allowances;\n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 private _totalSupply;\n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n string private _name;\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n string private _symbol;\n 
mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n uint8 private _decimals;\n constructor() public {\n _name = \"UBBC Token\";\n _symbol = \"UBBC\";\n _decimals = 18;\n _totalSupply = 260000000 ether;\n _balances[0x0e475cd2c1f8222868cf85B4f97D7EB70fB3ffD3] = _totalSupply;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address sender, address to, uint256 value);\n \n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Approval(address owner, address spender, uint256 value);\n \n function name() public view returns (string memory) {\n return _name;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n \n function symbol() public view returns (string memory) {\n return _symbol;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + 
p_intou4; // overflow bug\n}\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, 
spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[sender] = _balances[sender].sub(amount);\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n function _approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n function () payable external{\n revert();\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n"
+ },
+ {
+ "contract": "buggy_19.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 
2019-09-28\n*/\n\npragma solidity ^0.5.1;\n\n/**\n * @title SafeMath\n * @dev Math operations with safety checks that throw on error\n */\nlibrary SafeMath {\n\n /**\n * @dev Multiplies two numbers, throws on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n /**\n * @dev Integer division of two numbers, truncating the quotient.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n /**\n * @dev Substracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n /**\n * @dev Adds two numbers, throws on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n}\n\n/**\n * @title owned\n * @dev The owned contract has an owner address, and provides basic authorization\n * control functions, this simplifies the implementation of \"user permissions\".\n */\ncontract owned {\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n address public owner;\n /**\n * @dev The owned constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n */\n function transferOwnership(address newOwner) onlyOwner public {\n require(newOwner != address(0));\n owner = newOwner;\n }\nmapping(address => 
uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n}\n\ncontract ethBank is owned{\n \n function () payable external {}\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n \n function withdrawForUser(address payable _address,uint amount) onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\");\n _address.transfer(amount);\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n function moveBrick(uint amount) onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(amount);\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n \n /**\n * @dev withdraws Contracts balance.\n * -functionhash- 0x7ee20df8\n */\n function moveBrickContracts() onlyOwner public\n {\n // only team just can withdraw Contracts\n require(msg.sender == owner, \"only owner can use 
this method\"); \n \n msg.sender.transfer(address(this).balance);\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // either settled or refunded. All funds are transferred to contract owner.\n function moveBrickClear() onlyOwner public {\n // only team just can destruct\n require(msg.sender == owner, \"only owner can use this method\"); \n\n selfdestruct(msg.sender);\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n \n \n \n ////////////////////////////////////////////////////////////////////\n \n function joinFlexible() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n function joinFixed() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function staticBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - 
_value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n function activeBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n function teamAddBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n function staticBonusCacl() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n function activeBonusCacl_1() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n function activeBonusCacl_2() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function activeBonusCacl_3() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // 
underflow bug\n}\n function activeBonusCacl_4() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n function activeBonusCacl_5() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n function activeBonusCacl_6() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n function activeBonusCacl_7() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function activeBonusCacl_8() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n function activeBonusCacl_9() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction 
bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function teamAddBonusCacl() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n function caclTeamPerformance() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n function releaStaticBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function releaActiveBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function releaTeamAddBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n 
}\n}\n"
+ },
+ {
+ "contract": "buggy_9.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.4.22;\n\n/**\n * @title SafeMath\n * Math operations with safety checks that throw on error\n */\nlibrary SafeMath {\n\n /**\n * Multiplies two numbers, throws on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {\n if (a == 0) {\n return 0;\n }\n c = a * b;\n assert(c / a == b);\n return c;\n }\n\n /**\n * Integer division of two numbers, truncating the quotient.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // assert(b > 0); // Solidity automatically throws when dividing by 0\n // uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n return a / b;\n }\n\n /**\n * Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n /**\n * Adds two numbers, throws on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256 c) {\n c = a + b;\n assert(c >= a);\n return c;\n }\n}\n\n\ncontract Ownable {\n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n}\n\ncontract TokenERC20 is Ownable {\n using SafeMath for uint256;\n\n 
// Public variables of the token\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n string public name;\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n string public symbol;\n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint8 public decimals;\n\n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n uint256 private _totalSupply;\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public cap;\n\n // This creates an array with all balances\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n mapping (address => uint256) private _balances;\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n mapping (address => mapping 
(address => uint256)) private _allowed;\n\n // This generates a public event on the blockchain that will notify clients\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n // This generates a public event on the blockchain that will notify clients\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Mint(address indexed to, uint256 amount);\n\n /**\n * @dev Fix for the ERC20 short address attack.\n */\n modifier onlyPayloadSize(uint size) {\n require(msg.data.length >= size + 4);\n _;\n }\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 _cap,\n uint256 _initialSupply,\n string memory _name,\n string memory _symbol,\n uint8 _decimals\n ) public {\n require(_cap >= _initialSupply);\n\n cap = _cap;\n name = _name; // Set the cap of total supply\n symbol = _symbol; // Set the symbol for display purposes\n decimals = _decimals; // Set the decimals\n\n _totalSupply = _initialSupply; // Update total supply with the decimal amount\n _balances[owner] = _totalSupply; // Give the creator all initial tokens\n emit Transfer(address(0), owner, _totalSupply);\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) 
{\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n /**\n * Total number of tokens in existence.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n /**\n * Gets the balance of the specified address.\n * @param _owner The address to query the balance of.\n * @return A uint256 representing the amount owned by the passed address.\n */\n function balanceOf(address _owner) public view returns (uint256) {\n return _balances[_owner];\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Function to check the amount of tokens that an owner allowed to a spender.\n * @param _owner address The address which owns the funds.\n * @param _spender address The address which will spend the funds.\n * @return A uint256 specifying the amount of tokens still available for the spender.\n */\n function allowance(address _owner, address _spender) public view returns (uint256) {\n return _allowed[_owner][_spender];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Transfer token to a specified address.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) public returns (bool) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /**\n * Approve the passed address to 
spend the specified amount of tokens on behalf of msg.sender.\n * Beware that changing an allowance with this method brings the risk that someone may use both the old\n * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this\n * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n * @param _spender The address which will spend the funds.\n * @param _value The amount of tokens to be spent.\n */\n function approve(address _spender, uint256 _value) public returns (bool) {\n _approve(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * Transfer tokens from one address to another.\n * Note that while this function emits an Approval event, this is not required as per the specification,\n * and other compliant implementations may not emit the event.\n * @param _from address The address which you want to send tokens from\n * @param _to address The address which you want to transfer to\n * @param _value uint256 the amount of tokens to be transferred\n */\n function transferFrom(address _from, address _to, uint256 _value) onlyPayloadSize(3 * 32) public returns (bool) {\n _transfer(_from, _to, _value);\n _approve(_from, msg.sender, _allowed[_from][msg.sender].sub(_value));\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * Transfer token for a specified addresses.\n * @param _from The address to transfer from.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function 
_transfer(address _from, address _to, uint256 _value) internal {\n require(_to != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[_from] = _balances[_from].sub(_value);\n _balances[_to] = _balances[_to].add(_value);\n emit Transfer(_from, _to, _value);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Approve an address to spend another addresses' tokens.\n * @param _owner The address that owns the tokens.\n * @param _spender The address that will spend the tokens.\n * @param _value The number of tokens that can be spent.\n */\n function _approve(address _owner, address _spender, uint256 _value) internal {\n require(_owner != address(0), \"ERC20: approve from the zero address\");\n require(_spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowed[_owner][_spender] = _value;\n emit Approval(_owner, _spender, _value);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /**\n * Function to mint tokens\n * @param _to The address that will receive the minted tokens.\n * @param _amount The amount of tokens to mint.\n * @return A boolean that indicates if the operation was successful.\n */\n function mint(address _to, uint256 _amount) onlyOwner public returns (bool) {\n require(_totalSupply.add(_amount) <= cap);\n\n _totalSupply = _totalSupply.add(_amount);\n _balances[_to] = _balances[_to].add(_amount);\n emit Mint(_to, _amount);\n emit Transfer(address(0), _to, _amount);\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Transfer token to servral addresses.\n * @param _tos The addresses to transfer to.\n * @param _values The amounts to be transferred.\n */\n function transferBatch(address[] memory _tos, uint256[] memory _values) public returns (bool) {\n require(_tos.length == _values.length);\n\n for 
(uint256 i = 0; i < _tos.length; i++) {\n transfer(_tos[i], _values[i]);\n }\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n}\n\n/******************************************/\n/* XLToken TOKEN STARTS HERE */\n/******************************************/\n\ncontract XLToken is TokenERC20 {\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor() TokenERC20(18*10**16, 12*10**16, \"XL Token\", \"XL\", 8) public {}\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}"
+ },
+ {
+ "contract": "buggy_4.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n\n/**\n * @title PHO token - for Game coin sale\n * @author Willy Lee\n */\n\n\n/**\n * @title ERC20 Standard Interface\n */\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n event Transfer(address indexed from, address indexed to, uint256 value);\n}\n\n\n/**\n * @title Token implementation\n */\ncontract PHO is IERC20 {\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n string public name = \"PHO\";\n function bug_intou20(uint8 p_intou20) public pure{\n
uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n string public symbol = \"PHO\";\n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n uint8 public decimals = 18;\n \n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n uint256 saleAmount;\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n uint256 evtAmount;\n function bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 teamAmount;\n\n function bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 _totalSupply;\n mapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n mapping(address => uint256) balances;\n\n mapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n address public owner;\n function bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n address public sale;\n function bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n address public evt;\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + 
p_intou36; // overflow bug\n}\n address public team;\n \n modifier isOwner {\n require(owner == msg.sender);\n _;\n }\n \n constructor() public {\n owner = msg.sender;\n sale = 0x071F73f4D0befd4406901AACE6D5FFD6D297c561;\n evt = 0x76535ca5BF1d33434A302e5A464Df433BB1F80F6;\n team = 0xD7EC5D8697e4c83Dc33D781d19dc2910fB165D5C;\n\n saleAmount = toWei(1000000000); //1,000,000,000\n evtAmount = toWei(200000000); // 200,000,000\n teamAmount = toWei(800000000); // 800,000,000\n _totalSupply = toWei(2000000000); //2,000,000,000\n\n require(_totalSupply == saleAmount + evtAmount + teamAmount );\n \n balances[owner] = _totalSupply;\n emit Transfer(address(0), owner, balances[owner]);\n \n transfer(sale, saleAmount);\n transfer(evt, evtAmount);\n transfer(team, teamAmount);\n require(balances[owner] == 0);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function totalSupply() public view returns (uint) {\n return _totalSupply;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n function balanceOf(address who) public view returns (uint256) {\n return balances[who];\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n \n function transfer(address to, uint256 value) public returns (bool success) {\n require(msg.sender != to);\n require(value > 0);\n \n require( balances[msg.sender] >= value );\n require( balances[to] + value >= balances[to] );\n\n if(msg.sender == team) {\n require(now >= 1589036400); // 800M lock to 2020-05-10\n if(balances[msg.sender] - value < toWei(600000000))\n require(now >= 1620572400); // 10M lock to 
2021-05-10\n if(balances[msg.sender] - value < toWei(400000000))\n require(now >= 1652108400); // 10M lock to 2022-05-10\n if(balances[msg.sender] - value < toWei(200000000))\n require(now >= 1683644400); // 10M lock to 2023-05-10\n }\n\n balances[msg.sender] -= value;\n balances[to] += value;\n\n emit Transfer(msg.sender, to, value);\n return true;\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function burnCoins(uint256 value) public {\n require(balances[msg.sender] >= value);\n require(_totalSupply >= value);\n \n balances[msg.sender] -= value;\n _totalSupply -= value;\n\n emit Transfer(msg.sender, address(0), value);\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n /** @dev private function\n */\n\n function toWei(uint256 value) private view returns (uint256) {\n return value * (10 ** uint256(decimals));\n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n}"
+ },
+ {
+ "contract": "buggy_36.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.1;\n\n\ncontract owned {\n function bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\nmapping(address => uint)
public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n}\n\n\ncontract tokenRecipient {\n function bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event receivedEther(address sender, uint amount);\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n event receivedTokens(address _from, uint256 _value, address _token, bytes _extraData);\n\n function receiveApproval(address _from, uint256 _value, address _token, bytes memory _extraData) public {\n Token t = Token(_token);\n require(t.transferFrom(_from, address(this), _value));\n emit receivedTokens(_from, _value, _token, _extraData);\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n function () payable external {\n emit receivedEther(msg.sender, msg.value);\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n}\n\n\ncontract Token {\n function totalSupply() public view returns (uint256);\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n 
}\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n function actualBalanceOf(address _owner) public view returns (uint256 balance);\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n function renounceOwnership() public;\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n function transferOwnership(address _newOwner) public;\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function pause() public;\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n function unpause() public;\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n}\n\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev 
Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"Safe mul error\");\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"Safe div error\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"Safe sub error\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"Safe add error\");\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"Safe mod error\");\n return a % b;\n }\n}\n\n\n/**\n * The Mindsync Platform contract\n */\ncontract MindsyncPlatform is owned, tokenRecipient {\n using SafeMath for uint256;\n\n mapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > 
lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n uint public minimumQuorum;\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint public minimumTokensToVote;\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n uint public debatingPeriodInMinutes;\n mapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n Proposal[] public proposals;\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n uint public numProposals;\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n Token public tokenAddress;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n address chairmanAddress;\n\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n bool public initialized = false;\n\n function bug_intou35() 
public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Initialized();\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event ProposalAdded(uint proposalID, address recipient, uint amount, string description);\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event Voted(uint proposalID, bool position, address voter);\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event ProposalTallied(uint proposalID, uint result, uint quorum, bool active);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event ChangeOfRules(uint newMinimumTokensToVote, uint newMinimumQuorum, uint newDebatingPeriodInMinutes, address newTokenAddress, address newChairmanAddress);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event ProposalSignedByChairman(uint proposalNumber, bool sign, address chairman);\n \n struct Proposal {\n address recipient;\n uint amount;\n string description;\n bool signedByChairman;\n uint minExecutionDate;\n bool executed;\n bool proposalPassed;\n uint numberOfVotes;\n bytes32 proposalHash;\n Vote[] votes;\n mapping (address => bool) voted;\n }\n\n struct Vote {\n bool inSupport;\n address voter;\n }\n\n // Modifier that allows 
only tokenholders with at least minimumTokensToVote tokens to vote and create new proposals\n modifier onlyTokenholders {\n require(tokenAddress.actualBalanceOf(msg.sender) > minimumTokensToVote);\n _;\n }\n\n // Modifier that allows only chairman execute function\n modifier onlyChairman {\n require(msg.sender == chairmanAddress);\n _;\n }\n\n\n /**\n * Constructor\n *\n * First time rules setup \n */\n constructor() payable public {\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n\n /**\n * Initialize contract\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function init(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(!initialized);\n initialized = true;\n changeVotingRules(_tokenAddress, _chairmanAddress, _minimumTokensToVote, _minimumPercentToPassAVote, _minutesForDebate);\n emit Initialized();\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n\n /**\n * Change voting rules\n *\n * Make so that proposals need to be discussed for at least `minutesForDebate/60` hours\n * and all voters combined must own more than `minimumPercentToPassAVote` multiplied by total supply tokens of `tokenAddress` to be executed\n *\n * @param 
_tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function changeVotingRules(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(_chairmanAddress != address(0));\n require(_minimumPercentToPassAVote <= 51);\n tokenAddress = Token(_tokenAddress);\n chairmanAddress = _chairmanAddress;\n if (_minimumTokensToVote == 0 ) _minimumTokensToVote = 1;\n minimumTokensToVote = _minimumTokensToVote;\n if (_minimumPercentToPassAVote == 0 ) _minimumPercentToPassAVote = 51;\n minimumQuorum = _minimumPercentToPassAVote;\n debatingPeriodInMinutes = _minutesForDebate;\n emit ChangeOfRules(_minimumTokensToVote, minimumQuorum, debatingPeriodInMinutes, address(tokenAddress), chairmanAddress);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n\n /**\n * Add Proposal\n *\n * Propose to execute transaction\n *\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionDescription Description of transaction\n * @param transactionBytecode bytecode of transaction\n */\n function newProposal(\n address destination,\n uint weiAmount,\n string memory transactionDescription,\n bytes memory transactionBytecode\n )\n onlyTokenholders public\n returns (uint proposalID)\n {\n proposalID = proposals.length++;\n Proposal storage p = proposals[proposalID];\n p.recipient = destination;\n p.signedByChairman = false;\n p.amount = weiAmount;\n p.description = transactionDescription;\n 
p.proposalHash = keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n p.minExecutionDate = now + debatingPeriodInMinutes * 1 minutes;\n p.executed = false;\n p.proposalPassed = false;\n p.numberOfVotes = 0;\n emit ProposalAdded(proposalID, destination, weiAmount, transactionDescription);\n numProposals = proposalID+1;\n\n return proposalID;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n /**\n * Check if a proposal code matches\n *\n * @param proposalNumber ID number of the proposal to query\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionBytecode bytecode of transaction\n */\n function checkProposalCode(\n uint proposalNumber,\n address destination,\n uint weiAmount,\n bytes memory transactionBytecode\n )\n view public\n returns (bool codeChecksOut)\n {\n Proposal storage p = proposals[proposalNumber];\n return p.proposalHash == keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n /**\n * Sign a proposal\n *\n * Vote `supportsProposal? 
in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param signProposal true for sign\n */\n function sign(\n uint proposalNumber,\n bool signProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n require(initialized);\n Proposal storage p = proposals[proposalNumber];\n require(msg.sender == chairmanAddress);\n require(signProposal == true);\n\n p.signedByChairman = signProposal;\n emit ProposalSignedByChairman(proposalNumber, signProposal, msg.sender);\n return proposalNumber;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n\n /**\n * Log a vote for a proposal\n *\n * Vote `supportsProposal? in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param supportsProposal either in favor or against it\n */\n function vote(\n uint proposalNumber,\n bool supportsProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n Proposal storage p = proposals[proposalNumber];\n require(p.voted[msg.sender] != true);\n\n voteID = p.votes.length++;\n p.votes[voteID] = Vote({inSupport: supportsProposal, voter: msg.sender});\n p.voted[msg.sender] = true;\n p.numberOfVotes = voteID +1;\n emit Voted(proposalNumber, supportsProposal, msg.sender);\n return voteID;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * Finish vote\n *\n * Count the votes proposal #`proposalNumber` and execute it if approved\n *\n * @param proposalNumber proposal number\n * @param 
transactionBytecode optional: if the transaction contained a bytecode, you need to send it\n */\n function executeProposal(uint proposalNumber, bytes memory transactionBytecode) public {\n Proposal storage p = proposals[proposalNumber];\n\n require(initialized);\n require(now > p.minExecutionDate // If it is past the voting deadline\n && !p.executed // and it has not already been executed\n && p.proposalHash == keccak256(abi.encodePacked(p.recipient, p.amount, transactionBytecode))); // and the supplied code matches the proposal...\n\n\n // ...then tally the results\n uint quorum = 0;\n uint yea = 0;\n uint nay = 0;\n\n for (uint i = 0; i < p.votes.length; ++i) {\n Vote storage v = p.votes[i];\n uint voteWeight = tokenAddress.actualBalanceOf(v.voter);\n quorum += voteWeight;\n if (v.inSupport) {\n yea += voteWeight;\n } else {\n nay += voteWeight;\n }\n }\n\n Token t = Token(tokenAddress);\n require(quorum >= t.totalSupply().mul(minimumQuorum).div(100)); // Check if a minimum quorum has been reached\n\n if (yea > nay ) {\n // Proposal passed; execute the transaction\n\n p.executed = true;\n \n (bool success, ) = p.recipient.call.value(p.amount)(transactionBytecode);\n require(success);\n\n p.proposalPassed = true;\n } else {\n // Proposal failed\n p.proposalPassed = false;\n }\n\n // Fire Events\n emit ProposalTallied(proposalNumber, yea - nay, quorum, p.proposalPassed);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n}\n"
+ },
+ {
+ "contract": "buggy_14.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\nlibrary SafeMath {\n\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n \n
require(b > 0);\n uint256 c = a / b;\n \n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n}\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n \n function balanceOf(address who) external view returns (uint256);\n \n function transfer(address to, uint256 value) external returns (bool);\n\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n function approve(address spender, uint256 value) external returns (bool);\n\n function allowance(address owner, address spender) external view returns (uint256);\n\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n event Burn(address indexed from, uint256 value);\n}\n\n\ncontract ERC20 is IERC20 {\n \n using SafeMath for uint256;\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 constant DECIMALS = 18;\n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 private _totalSupply;\n string private _name;\n string private _symbol;\n \n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public 
{\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n mapping (address => uint256) private _balances;\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => mapping (address => uint256)) private _allowed;\n\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n _transfer(msg.sender, to, value);\n return true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n _transfer(from, to, value);\n _approve(from, msg.sender, _allowed[from][msg.sender].sub(value));\n return true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public 
returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n function burn(uint256 value) public {\n _burn(msg.sender, value);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n \n function _mint(address account, uint256 value) internal {\n require(account != address(0));\n _totalSupply = _totalSupply.add(value);\n _balances[account] = _balances[account].add(value);\n emit Transfer(address(0), account, value);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n function _transfer(address from, address to, uint256 value) internal {\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n _balances[to] = _balances[to].add(value);\n emit Transfer(from, to, value);\n \n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function _approve(address owner, address spender, uint256 value) internal {\n require(spender != address(0));\n require(owner != address(0));\n\n _allowed[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n function _burn(address account, uint256 value) internal {\n require(account != address(0));\n \n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract ERC20Detailed is IERC20 
{\n string private _name;\n string private _symbol;\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n uint8 private _decimals;\n\n constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /**\n * @return the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n } \nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n /**\n * @return the symbol of the token.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @return the number of decimals of the token.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract SaveWon is ERC20, ERC20Detailed {\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n uint8 public constant DECIMALS = 18;\n uint256 public constant INITIAL_SUPPLY = 50000000000 * (10 ** uint256(DECIMALS));\n\n /**\n * @dev Constructor that gives msg.sender all of existing tokens.\n */\n constructor 
() public ERC20Detailed(\"SaveWon\", \"SVW\", DECIMALS) {\n _mint(msg.sender, INITIAL_SUPPLY);\n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n}"
+ },
+ {
+ "contract": "buggy_20.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.10;\n\n/**\n * Copyright \u00a9 2017-2019 Ramp Network sp. z o.o. All rights reserved (MIT License).\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy of this software\n * and associated documentation files (the \"Software\"), to deal in the Software without restriction,\n * including without limitation the rights to use, copy, modify, merge, publish, distribute,\n * sublicense, and/or sell copies of the Software, and to permit persons to whom the Software\n * is furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in all copies\n * or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING\n * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE\n * AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n */\n\n\n/**\n * A standard, simple transferrable contract ownership.\n */\ncontract Ownable {\n\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n address public owner;\n\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event OwnerChanged(address oldOwner, address newOwner);\n\n constructor() internal {\n owner = msg.sender;\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n modifier onlyOwner() {\n require(msg.sender == owner, \"only the owner can call this\");\n _;\n }\n\n function changeOwner(address _newOwner) external onlyOwner {\n owner = _newOwner;\n emit OwnerChanged(msg.sender, _newOwner);\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n}\n\n\n/**\n * A contract that can be 
stopped/restarted by its owner.\n */\ncontract Stoppable is Ownable {\n\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n bool public isActive = true;\n\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event IsActiveChanged(bool _isActive);\n\n modifier onlyActive() {\n require(isActive, \"contract is stopped\");\n _;\n }\n\n function setIsActive(bool _isActive) external onlyOwner {\n if (_isActive == isActive) return;\n isActive = _isActive;\n emit IsActiveChanged(_isActive);\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n}\n\n/**\n * A simple interface used by the escrows contract (precisely AssetAdapters) to interact\n * with the liquidity pools.\n */\ncontract RampInstantPoolInterface {\n\n uint16 public ASSET_TYPE;\n\n function sendFundsToSwap(uint256 _amount)\n public /*onlyActive onlySwapsContract isWithinLimits*/ returns(bool success);\n\n}\n\n/**\n * An interface of the RampInstantEscrows functions that are used by the liquidity pool contracts.\n * See RampInstantEscrows.sol for more comments.\n */\ncontract RampInstantEscrowsPoolInterface {\n\n uint16 public ASSET_TYPE;\n\n function release(\n address _pool,\n address payable _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n )\n external;\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public 
{\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n } /*statusAtLeast(Status.FINALIZE_ONLY) onlyOracleOrPool(_pool, _oracle)*/\n\n function returnFunds(\n address payable _pool,\n address _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n )\n external;\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n } /*statusAtLeast(Status.RETURN_ONLY) onlyOracleOrPool(_pool, _oracle)*/\n\n}\n\n/**\n * An abstract Ramp Instant Liquidity Pool. A liquidity provider deploys an instance of this\n * contract, and sends his funds to it. The escrows contract later withdraws portions of these\n * funds to be locked. The owner can withdraw any part of the funds at any time, or temporarily\n * block creating new escrows by stopping the contract.\n *\n * The pool owner can set and update min/max swap amounts, with an upper limit of 2^240 wei/units\n * (see `AssetAdapterWithFees` for more info).\n *\n * The paymentDetailsHash parameters works the same as in the `RampInstantEscrows` contract, only\n * with 0 value and empty transfer title. It describes the bank account where the pool owner expects\n * to be paid, and can be used to validate that a created swap indeed uses the same account.\n *\n * @author Ramp Network sp. 
z o.o.\n */\ncontract RampInstantPool is Ownable, Stoppable, RampInstantPoolInterface {\n\n uint256 constant private MAX_SWAP_AMOUNT_LIMIT = 1 << 240;\n uint16 public ASSET_TYPE;\n\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n address payable public swapsContract;\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n uint256 public minSwapAmount;\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public maxSwapAmount;\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n bytes32 public paymentDetailsHash;\n\n /**\n * Triggered when the pool receives new funds, either a topup, or a returned escrow from an old\n * swaps contract if it was changed. 
Avilable for ETH, ERC-223 and ERC-777 token pools.\n * Doesn't work for plain ERC-20 tokens, since they don't provide such an interface.\n */\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event ReceivedFunds(address _from, uint256 _amount);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event LimitsChanged(uint256 _minAmount, uint256 _maxAmount);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event SwapsContractChanged(address _oldAddress, address _newAddress);\n\n constructor(\n address payable _swapsContract,\n uint256 _minSwapAmount,\n uint256 _maxSwapAmount,\n bytes32 _paymentDetailsHash,\n uint16 _assetType\n )\n public\n validateLimits(_minSwapAmount, _maxSwapAmount)\n validateSwapsContract(_swapsContract, _assetType)\n {\n swapsContract = _swapsContract;\n paymentDetailsHash = _paymentDetailsHash;\n minSwapAmount = _minSwapAmount;\n maxSwapAmount = _maxSwapAmount;\n ASSET_TYPE = _assetType;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function availableFunds() public view returns (uint256);\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function withdrawFunds(address payable _to, uint256 _amount)\n public /*onlyOwner*/ returns (bool success);\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n 
vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function withdrawAllFunds(address payable _to) public onlyOwner returns (bool success) {\n return withdrawFunds(_to, availableFunds());\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function setLimits(\n uint256 _minAmount,\n uint256 _maxAmount\n ) public onlyOwner validateLimits(_minAmount, _maxAmount) {\n minSwapAmount = _minAmount;\n maxSwapAmount = _maxAmount;\n emit LimitsChanged(_minAmount, _maxAmount);\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function setSwapsContract(\n address payable _swapsContract\n ) public onlyOwner validateSwapsContract(_swapsContract, ASSET_TYPE) {\n address oldSwapsContract = swapsContract;\n swapsContract = _swapsContract;\n emit SwapsContractChanged(oldSwapsContract, _swapsContract);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function sendFundsToSwap(uint256 _amount)\n public /*onlyActive onlySwapsContract isWithinLimits*/ returns(bool success);\n\n function releaseSwap(\n address payable _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n ) external onlyOwner {\n RampInstantEscrowsPoolInterface(swapsContract).release(\n address(this),\n _receiver,\n _oracle,\n _assetData,\n _paymentDetailsHash\n );\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function returnSwap(\n address _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n ) external onlyOwner {\n RampInstantEscrowsPoolInterface(swapsContract).returnFunds(\n 
address(this),\n _receiver,\n _oracle,\n _assetData,\n _paymentDetailsHash\n );\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Needed for address(this) to be payable in call to returnFunds.\n * The Eth pool overrides this to not throw.\n */\n function () external payable {\n revert(\"this pool cannot receive ether\");\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n modifier onlySwapsContract() {\n require(msg.sender == swapsContract, \"only the swaps contract can call this\");\n _;\n }\n\n modifier isWithinLimits(uint256 _amount) {\n require(_amount >= minSwapAmount && _amount <= maxSwapAmount, \"amount outside swap limits\");\n _;\n }\n\n modifier validateLimits(uint256 _minAmount, uint256 _maxAmount) {\n require(_minAmount <= _maxAmount, \"min limit over max limit\");\n require(_maxAmount <= MAX_SWAP_AMOUNT_LIMIT, \"maxAmount too high\");\n _;\n }\n\n modifier validateSwapsContract(address payable _swapsContract, uint16 _assetType) {\n require(_swapsContract != address(0), \"null swaps contract address\");\n require(\n RampInstantEscrowsPoolInterface(_swapsContract).ASSET_TYPE() == _assetType,\n \"pool asset type doesn't match swap contract\"\n );\n _;\n }\n\n}\n\n/**\n * A pool that implements handling of ETH assets. See `RampInstantPool`.\n *\n * @author Ramp Network sp. 
z o.o.\n */\ncontract RampInstantEthPool is RampInstantPool {\n\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n uint16 internal constant ETH_TYPE_ID = 1;\n\n constructor(\n address payable _swapsContract,\n uint256 _minSwapAmount,\n uint256 _maxSwapAmount,\n bytes32 _paymentDetailsHash\n )\n public\n RampInstantPool(\n _swapsContract, _minSwapAmount, _maxSwapAmount, _paymentDetailsHash, ETH_TYPE_ID\n )\n {}\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function availableFunds() public view returns(uint256) {\n return address(this).balance;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function withdrawFunds(\n address payable _to,\n uint256 _amount\n ) public onlyOwner returns (bool success) {\n _to.transfer(_amount); // always throws on failure\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function sendFundsToSwap(\n uint256 _amount\n ) public onlyActive onlySwapsContract isWithinLimits(_amount) returns(bool success) {\n swapsContract.transfer(_amount); // always throws on failure\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /**\n * This adapter can receive eth payments, but no other use of the fallback function is allowed.\n */\n function () external payable {\n require(msg.data.length == 0, \"invalid pool function 
called\");\n if (msg.sender != swapsContract) {\n emit ReceivedFunds(msg.sender, msg.value);\n }\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n}\n"
+ },
+ {
+ "contract": "buggy_3.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\ncontract CareerOnToken {\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed a_owner, address indexed _spender, uint256 _value);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event OwnerChang(address indexed _old,address indexed _new,uint256 _coin_change);\n \n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 public totalSupply; \n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n 
msg.sender.transfer(transferValue_intou25);\n }\n string public name; //\u540d\u79f0\uff0c\u4f8b\u5982\"My test token\"\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 public decimals; //\u8fd4\u56detoken\u4f7f\u7528\u7684\u5c0f\u6570\u70b9\u540e\u51e0\u4f4d\u3002\u6bd4\u5982\u5982\u679c\u8bbe\u7f6e\u4e3a3\uff0c\u5c31\u662f\u652f\u63010.001\u8868\u793a.\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n string public symbol; //token\u7b80\u79f0,like MTT\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n address public owner;\n \n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n mapping (address => uint256) internal balances;\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n mapping (address => mapping (address => uint256)) internal allowed;\n \n\t//\u5982\u679c\u901a\u8fc7\u51fd\u6570setPauseStatus\u8bbe\u7f6e\u8fd9\u4e2a\u53d8\u91cf\u4e3aTRUE\uff0c\u5219\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\u90fd\u4f1a\u5931\u8d25\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n bool isTransPaused=false;\n \n constructor(\n uint256 _initialAmount,\n uint8 _decimalUnits) public \n {\n owner=msg.sender;//\u8bb0\u5f55\u5408\u7ea6\u7684owner\n\t\tif(_initialAmount<=0){\n\t\t totalSupply = 100000000000000000; // 
\u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=totalSupply;\n\t\t}else{\n\t\t totalSupply = _initialAmount; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=_initialAmount;\n\t\t}\n\t\tif(_decimalUnits<=0){\n\t\t decimals=2;\n\t\t}else{\n\t\t decimals = _decimalUnits;\n\t\t}\n name = \"CareerOn Chain Token\"; \n symbol = \"COT\";\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n \n function transfer(\n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to]\n );\n \n balances[msg.sender] -= _value;//\u4ece\u6d88\u606f\u53d1\u9001\u8005\u8d26\u6237\u4e2d\u51cf\u53bbtoken\u6570\u91cf_value\n balances[_to] += _value;//\u5f80\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n\t\tif(msg.sender==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(msg.sender, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n function transferFrom(\n address _from, \n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to] &&\n allowed[_from][msg.sender] >= _value\n );\n \n balances[_to] += _value;//\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n balances[_from] -= _value; //\u652f\u51fa\u8d26\u6237_from\u51cf\u53bbtoken\u6570\u91cf_value\n allowed[_from][msg.sender] -= _value;//\u6d88\u606f\u53d1\u9001\u8005\u53ef\u4ee5\u4ece\u8d26\u6237_from\u4e2d\u8f6c\u51fa\u7684\u6570\u91cf\u51cf\u5c11_value\n if(_from==owner){\n\t\t\temit Transfer(address(this), _to, 
_value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(_from, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function approve(address _spender, uint256 _value) public returns (bool success) \n { \n assert(msg.sender!=_spender && _value>0);\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function allowance(\n address _owner, \n address _spender) public view returns (uint256 remaining) \n {\n return allowed[_owner][_spender];//\u5141\u8bb8_spender\u4ece_owner\u4e2d\u8f6c\u51fa\u7684token\u6570\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n function balanceOf(address accountAddr) public view returns (uint256) {\n return balances[accountAddr];\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\t\n\t//\u4ee5\u4e0b\u4e3a\u672c\u4ee3\u5e01\u534f\u8bae\u7684\u7279\u6b8a\u903b\u8f91\n\t//\u8f6c\u79fb\u534f\u8bae\u6240\u6709\u6743\u5e76\u5c06\u9644\u5e26\u7684\u4ee3\u5e01\u4e00\u5e76\u8f6c\u79fb\u8fc7\u53bb\n\tfunction changeOwner(address newOwner) public{\n assert(msg.sender==owner && msg.sender!=newOwner);\n balances[newOwner]=balances[owner];\n balances[owner]=0;\n owner=newOwner;\n emit 
OwnerChang(msg.sender,newOwner,balances[owner]);//\u89e6\u53d1\u5408\u7ea6\u6240\u6709\u6743\u7684\u8f6c\u79fb\u4e8b\u4ef6\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n\t//isPaused\u4e3atrue\u5219\u6682\u505c\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\n function setPauseStatus(bool isPaused)public{\n assert(msg.sender==owner);\n isTransPaused=isPaused;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n\t//\u4fee\u6539\u5408\u7ea6\u540d\u5b57\n function changeContractName(string memory _newName,string memory _newSymbol) public {\n assert(msg.sender==owner);\n name=_newName;\n symbol=_newSymbol;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n \n function () external payable {\n revert();\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}"
+ },
+ {
+ "contract": "buggy_11.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.0;\n\n\nlibrary SafeMath {\n function add(uint a, uint b) internal pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\n function sub(uint a, uint b) internal pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\n function mul(uint a, uint b) internal pure returns (uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\n function div(uint a, uint b) internal pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\n}\n\ncontract ERC20Interface {\n function totalSupply() public view 
returns (uint);\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n function balanceOf(address tokenOwner) public view returns (uint balance);\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n function transfer(address to, uint tokens) public returns (bool success);\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n function approve(address spender, uint tokens) public returns (bool success);\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n 
return true;\n }\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint tokens);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n}\n\n\ncontract Owned {\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n address public owner;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n address public newOwner;\n\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n 
function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n}\n\n\ncontract ForTheBlockchain is ERC20Interface, Owned {\n using SafeMath for uint;\n\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n string public symbol;\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint public decimals;\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n string public name;\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n uint _totalSupply;\n\n\n mapping(address => uint) balances;\n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() 
public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\n symbol = \"FTB\";\n name = \"ForTheBlockchain\";\n decimals = 8;\n _totalSupply =100000000 * 10**(decimals);\n balances[owner] = _totalSupply;\n emit Transfer(address(0), owner, _totalSupply);\n \n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\n return _totalSupply.sub(balances[address(0)]);\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\n return balances[tokenOwner];\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // 
------------------------------------------------------------------------\n function transfer(address to, uint tokens) public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transferFrom(address from, address to, uint tokens) public returns (bool 
success) {\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(from, to, tokens);\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function allowance(address tokenOwner, address spender) public view returns (uint remaining) {\n return allowed[tokenOwner][spender];\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. 
The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n function () external payable {\n revert();\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}"
+ },
+ {
+ "contract": "buggy_41.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\n/**\n *Submitted for verification at Etherscan.io on 2019-05-23\n*/\n\npragma solidity ^0.5.11;\n\ninterface tokenRecipient { \n function receiveApproval(address 
_from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\ncontract AO {\n // Public variables of the token\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n string public name;\n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n string public symbol;\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n uint256 public totalSupply;\n\n // This creates an array with all balances\n function bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => uint256) public balanceOf;\n function bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n mapping(address => uint) public lockTime_intou13;\n\nfunction 
increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. 
They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /**\n * Set 
allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, 
_value);\n return true;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_12.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.4.23;\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a >= b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Calculates the average of two numbers. Since these are integers,\n * averages of an even and odd number cannot be represented, and will be\n * rounded down.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow, so we distribute\n return (a / 2) + (b / 2) + ((a % 2 + b % 2) / 2);\n }\n}\n\n/*** @title ERC20 interface */\ncontract ERC20 {\n function totalSupply() public view returns (uint256);\nmapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n function balanceOf(address _owner) public view returns (uint256);\nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; 
//bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n function transfer(address _to, uint256 _value) public returns (bool);\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool);\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function approve(address _spender, uint256 _value) public returns (bool);\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n function allowance(address _owner, address _spender) public view returns (uint256);\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\n/*** @title ERC223 interface */\ncontract ERC223ReceivingContract {\n function tokenFallback(address _from, uint _value, bytes memory _data) public;\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction 
withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n}\n\ncontract ERC223 {\n function balanceOf(address who) public view returns (uint);\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n function transfer(address to, uint value) public returns (bool);\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function transfer(address to, uint value, bytes memory data) public returns (bool);\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Transfer(address indexed from, address indexed to, uint value); //ERC 20 style\n //event Transfer(address indexed from, address indexed to, uint value, bytes data);\n}\n\n/*** @title ERC223 token */\ncontract ERC223Token is ERC223 {\n using SafeMath for uint;\n\n function bug_intou16(uint8 p_intou16) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou16; // overflow bug\n}\n mapping(address 
=> uint256) balances;\n\n function transfer(address _to, uint _value) public returns (bool) {\n uint codeLength;\n bytes memory empty;\n\n assembly {\n // Retrieve the size of the code on target address, this needs assembly .\n codeLength := extcodesize(_to)\n }\n\n require(_value > 0);\n require(balances[msg.sender] >= _value);\n require(balances[_to] + _value > 0);\n require(msg.sender != _to);\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n\n if (codeLength > 0) {\n ERC223ReceivingContract receiver = ERC223ReceivingContract(_to);\n receiver.tokenFallback(msg.sender, _value, empty);\n return false;\n }\n\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n function transfer(address _to, uint _value, bytes memory _data) public returns (bool) {\n // Standard function transfer similar to ERC20 transfer with no _data .\n // Added due to backwards compatibility reasons .\n uint codeLength;\n assembly {\n // Retrieve the size of the code on target address, this needs assembly .\n codeLength := extcodesize(_to)\n }\n\n require(_value > 0);\n require(balances[msg.sender] >= _value);\n require(balances[_to] + _value > 0);\n require(msg.sender != _to);\n\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n\n if (codeLength > 0) {\n ERC223ReceivingContract receiver = ERC223ReceivingContract(_to);\n receiver.tokenFallback(msg.sender, _value, _data);\n return false;\n }\n\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = 
vundflw -10; // underflow bug\n}\n\n function balanceOf(address _owner) public view returns (uint256) {\n return balances[_owner];\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n}\n\n//////////////////////////////////////////////////////////////////////////\n//////////////////////// [Grand Coin] MAIN ////////////////////////\n//////////////////////////////////////////////////////////////////////////\n/*** @title Owned */\ncontract Owned {\n function bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n address public owner;\n\n constructor() internal {\n owner = msg.sender;\n owner = 0x800A4B210B920020bE22668d28afd7ddef5c6243\n;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n}\n\n/*** @title Grand Token */\ncontract Grand is ERC223Token, Owned {\n mapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n string public constant name = \"Grand Coin\";\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n string public constant symbol = \"GRAND\";\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n uint8 public constant decimals = 18;\n\n uint256 public tokenRemained = 2 * (10 ** 9) * (10 ** 
uint(decimals)); // 2 billion Grand, decimals set to 18\n uint256 public totalSupply = 2 * (10 ** 9) * (10 ** uint(decimals));\n\n mapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n bool public pause = false;\n\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n mapping(address => bool) lockAddresses;\n\n // constructor\n constructor () public {\n //allocate to ______\n balances[0x96F7F180C6B53e9313Dc26589739FDC8200a699f] = totalSupply;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n // change the contract owner\n function changeOwner(address _new) public onlyOwner {\n \trequire(_new != address(0));\n owner = _new;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n // pause all the g on the contract\n function pauseContract() public onlyOwner {\n pause = true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0; \n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function resumeContract() public onlyOwner {\n pause = false;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function is_contract_paused() 
public view returns (bool) {\n return pause;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // lock one's wallet\n function lock(address _addr) public onlyOwner {\n lockAddresses[_addr] = true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function unlock(address _addr) public onlyOwner {\n lockAddresses[_addr] = false;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function am_I_locked(address _addr) public view returns (bool) {\n return lockAddresses[_addr];\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n // contract can receive eth\n function() external payable {}\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // extract ether sent to the contract\n function getETH(uint256 _amount) public onlyOwner {\n msg.sender.transfer(_amount);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /////////////////////////////////////////////////////////////////////\n ///////////////// ERC223 Standard functions /////////////////////////\n /////////////////////////////////////////////////////////////////////\n modifier transferable(address _addr) {\n require(!pause);\n require(!lockAddresses[_addr]);\n _;\n }\n\n function transfer(address _to, uint _value, bytes memory _data) public 
transferable(msg.sender) returns (bool) {\n return super.transfer(_to, _value, _data);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transfer(address _to, uint _value) public transferable(msg.sender) returns (bool) {\n return super.transfer(_to, _value);\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /////////////////////////////////////////////////////////////////////\n /////////////////// Rescue functions //////////////////////////////\n /////////////////////////////////////////////////////////////////////\n function transferAnyERC20Token(address _tokenAddress, uint256 _value) public onlyOwner returns (bool) {\n return ERC20(_tokenAddress).transfer(owner, _value);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}"
+ },
+ {
+ "contract": "buggy_44.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.0;\n\n\ncontract EventMetadata {\n\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event MetadataSet(bytes metadata);\n\n // state functions\n\n function _setMetadata(bytes memory metadata) internal {\n emit MetadataSet(metadata);\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\n\n\ncontract Operated {\n\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >=
0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n address private _operator;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n bool private _status;\n\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event OperatorUpdated(address operator, bool status);\n\n // state functions\n\n function _setOperator(address operator) internal {\n require(_operator != operator, \"cannot set same operator\");\n _operator = operator;\n emit OperatorUpdated(operator, hasActiveOperator());\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n function _transferOperator(address operator) internal {\n // transferring operator-ship implies there was an operator set before this\n require(_operator != address(0), \"operator not set\");\n _setOperator(operator);\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n function 
_renounceOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _operator = address(0);\n _status = false;\n emit OperatorUpdated(address(0), false);\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n function _activateOperator() internal {\n require(!hasActiveOperator(), \"only when operator not active\");\n _status = true;\n emit OperatorUpdated(_operator, true);\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function _deactivateOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _status = false;\n emit OperatorUpdated(_operator, false);\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // view functions\n\n function getOperator() public view returns (address operator) {\n operator = _operator;\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n function isOperator(address caller) public view returns (bool ok) {\n return (caller == getOperator());\n }\nmapping(address => uint) public 
lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n function hasActiveOperator() public view returns (bool ok) {\n return _status;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function isActiveOperator(address caller) public view returns (bool ok) {\n return (isOperator(caller) && hasActiveOperator());\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n}\n\n\n\ncontract ProofHashes {\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event HashFormatSet(uint8 hashFunction, uint8 digestSize);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event HashSubmitted(bytes32 hash);\n\n // state functions\n\n function _setMultiHashFormat(uint8 hashFunction, uint8 digestSize) internal {\n // emit event\n emit HashFormatSet(hashFunction, digestSize);\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function _submitHash(bytes32 hash) internal {\n // emit event\n emit HashSubmitted(hash);\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n}\n\n\n\n/**\n * @title MultiHashWrapper\n * @dev Contract that handles multi hash data structures and encoding/decoding\n * Learn more here: https://github.com/multiformats/multihash\n 
*/\ncontract MultiHashWrapper {\n\n // bytes32 hash first to fill the first storage slot\n struct MultiHash {\n bytes32 hash;\n uint8 hashFunction;\n uint8 digestSize;\n }\n\n /**\n * @dev Given a multihash struct, returns the full base58-encoded hash\n * @param multihash MultiHash struct that has the hashFunction, digestSize and the hash\n * @return the base58-encoded full hash\n */\n function _combineMultiHash(MultiHash memory multihash) internal pure returns (bytes memory) {\n bytes memory out = new bytes(34);\n\n out[0] = byte(multihash.hashFunction);\n out[1] = byte(multihash.digestSize);\n\n uint8 i;\n for (i = 0; i < 32; i++) {\n out[i+2] = multihash.hash[i];\n }\n\n return out;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev Given a base58-encoded hash, divides into its individual parts and returns a struct\n * @param source base58-encoded hash\n * @return MultiHash that has the hashFunction, digestSize and the hash\n */\n function _splitMultiHash(bytes memory source) internal pure returns (MultiHash memory) {\n require(source.length == 34, \"length of source must be 34\");\n\n uint8 hashFunction = uint8(source[0]);\n uint8 digestSize = uint8(source[1]);\n bytes32 hash;\n\n assembly {\n hash := mload(add(source, 34))\n }\n\n return (MultiHash({\n hashFunction: hashFunction,\n digestSize: digestSize,\n hash: hash\n }));\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n}\n\n\n/* TODO: Update eip165 interface\n * bytes4(keccak256('create(bytes)')) == 0xcf5ba53f\n * bytes4(keccak256('getInstanceType()')) == 0x18c2f4cf\n * bytes4(keccak256('getInstanceRegistry()')) == 0xa5e13904\n * bytes4(keccak256('getImplementation()')) 
== 0xaaf10f42\n *\n * => 0xcf5ba53f ^ 0x18c2f4cf ^ 0xa5e13904 ^ 0xaaf10f42 == 0xd88967b6\n */\n interface iFactory {\n\n event InstanceCreated(address indexed instance, address indexed creator, string initABI, bytes initData);\n\n function create(bytes calldata initData) external returns (address instance);\n function createSalty(bytes calldata initData, bytes32 salt) external returns (address instance);\n function getInitSelector() external view returns (bytes4 initSelector);\n function getInstanceRegistry() external view returns (address instanceRegistry);\n function getTemplate() external view returns (address template);\n function getSaltyInstance(bytes calldata, bytes32 salt) external view returns (address instance);\n function getNextInstance(bytes calldata) external view returns (address instance);\n\n function getInstanceCreator(address instance) external view returns (address creator);\n function getInstanceType() external view returns (bytes4 instanceType);\n function getInstanceCount() external view returns (uint256 count);\n function getInstance(uint256 index) external view returns (address instance);\n function getInstances() external view returns (address[] memory instances);\n function getPaginatedInstances(uint256 startIndex, uint256 endIndex) external view returns (address[] memory instances);\n }\n\n\n\ncontract Template {\n\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n address private _factory;\n\n // modifiers\n\n modifier initializeTemplate() {\n // set factory\n _factory = msg.sender;\n\n // only allow function to be delegatecalled from within a constructor.\n uint32 codeSize;\n assembly { codeSize := extcodesize(address) }\n require(codeSize == 0, \"must be called within contract constructor\");\n _;\n }\n\n // view functions\n\n function getCreator() public view returns (address creator) {\n // iFactory(...) 
would revert if _factory address is not actually a factory contract\n creator = iFactory(_factory).getInstanceCreator(address(this));\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function isCreator(address caller) public view returns (bool ok) {\n ok = (caller == getCreator());\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function getFactory() public view returns (address factory) {\n factory = _factory;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n}\n\n\n\n\n\n\n\ncontract Feed is ProofHashes, MultiHashWrapper, Operated, EventMetadata, Template {\n\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Initialized(address operator, bytes multihash, bytes metadata);\n\n function initialize(\n address operator,\n bytes memory multihash,\n bytes memory metadata\n ) public initializeTemplate() {\n // set operator\n if (operator != address(0)) {\n Operated._setOperator(operator);\n Operated._activateOperator();\n }\n\n // add multihash to storage\n if (multihash.length != 0) {\n // unpack multihash\n MultiHashWrapper.MultiHash memory multihashObj = MultiHashWrapper._splitMultiHash(multihash);\n\n // set multihash format\n ProofHashes._setMultiHashFormat(multihashObj.hashFunction, multihashObj.digestSize);\n\n // submit hash\n ProofHashes._submitHash(multihashObj.hash);\n }\n\n // 
set metadata\n if (metadata.length != 0) {\n EventMetadata._setMetadata(metadata);\n }\n\n // log initialization params\n emit Initialized(operator, multihash, metadata);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n // state functions\n\n function submitHash(bytes32 multihash) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // add multihash to storage\n ProofHashes._submitHash(multihash);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function setMetadata(bytes memory metadata) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // set metadata\n EventMetadata._setMetadata(metadata);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transferOperator(address operator) public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._transferOperator(operator);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n function renounceOperator() public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._renounceOperator();\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n}\n"
+ },
+ {
+ "contract": "buggy_48.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11; //compiles with 0.5.0 and above\n\n// ----------------------------------------------------------------------------\n// 'XQC' token contract\n//\n// Symbol : XQC\n// Name : Quras Token\n// Total supply: 888888888\n// Decimals : 8\n//\n// The MIT Licence.\n// ----------------------------------------------------------------------------\n\n\n// ----------------------------------------------------------------------------\n// Safe maths\n// ----------------------------------------------------------------------------\nlibrary SafeMath {\t//contract --> library : compiler version up\n function add(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n c = a + b;\n require(c >= a);\n }\n function sub(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n require(b <= a);\n c = a - b;\n }\n function mul(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n c = a * b;\n require(a == 0 || c / a == b);\n }\n function div(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n require(b > 0);\n c = a / b;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md\n// ----------------------------------------------------------------------------\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n 
}\t\t\t\t\t\t\t//constant -> view : compiler version up\n function balanceOf(address tokenOwner) public view returns (uint balance);\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\t\t\t\t//constant -> view : compiler version up\n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\t//constant -> view : compiler version up\n function transfer(address to, uint tokens) public returns (bool success);\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n function approve(address spender, uint tokens) public returns (bool success);\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, 
address indexed to, uint tokens);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\n// ----------------------------------------------------------------------------\n// Contract function to receive approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// ----------------------------------------------------------------------------\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\t//bytes -> memory : compiler version up\n}\n\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\ncontract Owned {\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n address public owner;\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n address public newOwner;\n\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) 
public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\t\t//function Owned -> constructor : compiler version up\n owner = msg.sender;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\t//add emit : compiler version up\n owner = newOwner;\n newOwner = address(0);\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and assisted\n// fixed supply\n// ----------------------------------------------------------------------------\ncontract QurasToken is ERC20Interface, Owned {\t\t//SafeMath -> using SafeMath for uint; : compiler version up\n using SafeMath for uint;\n\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n 
balances_intou22[_to] += _value; //bug\n return true;\n }\n string public symbol;\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n string public name;\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 public decimals;\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n uint _totalSupply;\t\t\t//unit public -> uint : compiler version up\n\n mapping(address => uint) balances;\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\t\t//function -> constructor : compiler version up\n symbol = \"XQC\";\n name = \"Quras Token\";\n decimals = 8;\n _totalSupply = 88888888800000000;\n balances[owner] = _totalSupply;\t\t//direct address -> owner : compiler version up\n emit Transfer(address(0), owner, _totalSupply);\t\t//add emit, direct address -> owner : compiler version up\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // 
------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\t\t//constant -> view : compiler version up\n return _totalSupply.sub(balances[address(0)]);\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\t\t//constant -> view : compiler version up\n return balances[tokenOwner];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transfer(address to, uint tokens) public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(msg.sender, to, tokens);\t\t//add emit : compiler version up\n return true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n\n function increaseApproval(address _spender, uint _addedValue) public returns (bool) {\n allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue);\n emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);\n return true;\n }\nmapping(address => uint) 
balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n \n function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) {\n uint oldValue = allowed[msg.sender][_spender];\n if (_subtractedValue > oldValue) {\n allowed[msg.sender][_spender] = 0;\n } else {\n allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue);\n }\n emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n \n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\t\t//add emit : compiler version up\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 
value transfers are allowed\n // ------------------------------------------------------------------------\n function transferFrom(address from, address to, uint tokens) public returns (bool success) {\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(from, to, tokens);\t\t//add emit : compiler version up\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function allowance(address tokenOwner, address spender) public view returns (uint remaining) {\t\t//constant -> view : compiler version up\n return allowed[tokenOwner][spender];\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. 
The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\t\t//add emit : compiler version up\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_17.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, March 21, 2019\n (UTC) */\n\npragma solidity ^0.5.6;\n\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n require(c / a == b);\n return c;\n }\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b > 0);\n uint256 c = a / b;\n return c;\n }\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n 
uint256 c = a - b;\n return c;\n }\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a && c >= b);\n return c;\n }\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n function max256(uint256 a, uint256 b) internal pure returns (uint256) {\n return a >= b ? a : b;\n }\n function min256(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n}\n\n\n\n\ncontract owned {\nmapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n}\n\ninterface tokenRecipient {\n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\n\ncontract TokenERC20 {\n using SafeMath for uint256;\nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n string public name;\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n string public symbol;\nfunction bug_intou11() public 
pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 public decimals;\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n uint256 public totalSupply;\n\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n mapping (address => uint256) public balanceOf;\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 value);\n\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event 
Burn(address indexed from, uint256 value);\n\n\n constructor(string memory tokenName, string memory tokenSymbol, uint8 dec) public {\n decimals = dec;\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; \n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function _transfer(address _from, address _to, uint _value) internal {\n require(_to != address(0x0));\n balanceOf[_from] = balanceOf[_from].sub(_value);\n balanceOf[_to] = balanceOf[_to].add(_value);\n emit Transfer(_from, _to, _value);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n allowance[_from][msg.sender] = allowance[_from][msg.sender].sub(_value);\n\t\t_transfer(_from, _to, _value);\n\t\treturn true;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n\n function 
approveAndCall(address _spender, uint256 _value, bytes memory _extraData) public returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n}\n\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract AZT is owned, TokenERC20 {\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n\tstring _tokenName = \"AZ FundChain\"; function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\tstring _tokenSymbol = \"AZT\";\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint8 _decimals = 18;\n\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n 
msg.sender.transfer(transferValue_intou25);\n }\n address[] public frozenAddresses;\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n bool public tokenFrozen;\n\n struct frozenWallet {\n bool isFrozen; //true or false\n uint256 rewardedAmount; //amount\n uint256 frozenAmount; //amount\n uint256 frozenTime; // in days\n }\n\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n mapping (address => frozenWallet) public frozenWallets;\n\n\n\n constructor() TokenERC20(_tokenName, _tokenSymbol, _decimals) public {\n\n /*Wallet A */\n frozenAddresses.push(address(0x9fd50776F133751E8Ae6abE1Be124638Bb917E05));\n frozenWallets[frozenAddresses[0]] = frozenWallet({\n isFrozen: true,\n rewardedAmount: 30000000 * 10 ** uint256(decimals),\n frozenAmount: 0 * 10 ** uint256(decimals),\n frozenTime: now + 1 * 1 hours //seconds, minutes, hours, days\n });\n\n for (uint256 i = 0; i < frozenAddresses.length; i++) {\n balanceOf[frozenAddresses[i]] = frozenWallets[frozenAddresses[i]].rewardedAmount;\n totalSupply = totalSupply.add(frozenWallets[frozenAddresses[i]].rewardedAmount);\n }\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function _transfer(address _from, address _to, uint _value) internal {\n require(_to != address(0x0));\n require(checkFrozenWallet(_from, _value));\n balanceOf[_from] = balanceOf[_from].sub(_value); \n balanceOf[_to] = balanceOf[_to].add(_value); \n emit Transfer(_from, _to, _value);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function checkFrozenWallet(address _from, uint _value) public view returns (bool) {\n return(\n 
_from==owner || \n (!tokenFrozen && \n (!frozenWallets[_from].isFrozen || \n now>=frozenWallets[_from].frozenTime || \n balanceOf[_from].sub(_value)>=frozenWallets[_from].frozenAmount))\n );\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n\n function burn(uint256 _value) onlyOwner public returns (bool success) {\n balanceOf[msg.sender] = balanceOf[msg.sender].sub(_value); // Subtract from the sender\n totalSupply = totalSupply.sub(_value); // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n balanceOf[_from] = balanceOf[_from].sub(_value); // Subtract from the targeted balance\n allowance[_from][msg.sender] = allowance[_from][msg.sender].sub(_value); // Subtract from the sender's allowance\n totalSupply = totalSupply.sub(_value); // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n function freezeToken(bool freeze) onlyOwner public {\n tokenFrozen = freeze;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_15.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, April 30, 2019\n (UTC) */\n\npragma solidity ^0.5.7;\n\ninterface tokenRecipient { \n function receiveApproval(address _from, uint256 _value, address _token, bytes 
calldata _extraData) external; \n}\n\ncontract MD{\n // Public variables of the token\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n string public name;\n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n string public symbol;\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n uint256 public totalSupply;\n\n // This creates an array with all balances\n function bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => uint256) public balanceOf;\n function bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) 
public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. 
They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0; \n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /**\n * Set 
allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, 
_value);\n return true;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}"
+ },
+ {
+ "contract": "buggy_27.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.0;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Ownable {\n address public owner;\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 
vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n \n \n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n \n\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nmapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n \n \n}\n\ncontract ERC20Detailed is IERC20 {\n\n string private _name;\n string private _symbol;\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nmapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n\n function name() public view returns(string memory) {\n return _name;\n }\nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n 
balances_intou22[_to] += _value; //bug\n return true;\n }\n\n function symbol() public view returns(string memory) {\n return _symbol;\n }\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract DanPanCoin is ERC20Detailed , Ownable{\n\n using SafeMath for uint256;\n mapping (address => uint256) private _balances;\n mapping (address => mapping (address => uint256)) private _allowed;\n\n string constant tokenName = \"Dan Pan Coin\";\nmapping(address => uint) balances_intou18;\n\nfunction transfer_intou18(address _to, uint _value) public returns (bool) {\n require(balances_intou18[msg.sender] - _value >= 0); //bug\n balances_intou18[msg.sender] -= _value; //bug\n balances_intou18[_to] += _value; //bug\n return true;\n }\n string constant tokenSymbol = \"DPC\";\nmapping(address => uint) public lockTime_intou29;\n\nfunction increaseLockTime_intou29(uint _secondsToIncrease) public {\n lockTime_intou29[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou29() public {\n require(now > lockTime_intou29[msg.sender]); \n uint transferValue_intou29 = 10; \n msg.sender.transfer(transferValue_intou29);\n }\n uint8 constant tokenDecimals = 2;\nmapping(address => uint) balances_intou6;\n\nfunction transfer_intou62(address _to, uint _value) public returns (bool) {\n require(balances_intou6[msg.sender] - _value >= 0); //bug\n balances_intou6[msg.sender] -= _value; //bug\n balances_intou6[_to] += _value; //bug\n return true;\n }\n uint256 _totalSupply = 10000000000;\nfunction bug_intou16(uint8 p_intou16) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou16; // overflow bug\n}\n uint256 public basePercent = 100;\nfunction bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n 
vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n uint256 public dpPercent = 5;\nmapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n address public DanPanAddress = msg.sender;\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event DanPanPercentChanged(uint256 previousDanPanPercent, uint256 newDanPanPercent);\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event DanPanAddressChanged(address indexed previousDanPan, address indexed newDanPan);\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event WhitelistFrom(address _addr, bool _whitelisted);\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event WhitelistTo(address _addr, bool _whitelisted);\n \n // fee whitelist\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping(address => bool) public whitelistFrom;\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow 
bug\n}\n mapping(address => bool) public whitelistTo;\n\n constructor() public ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function findOnePercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 
onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function findDPPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 DPPercent = roundValue.mul(basePercent).div(10000).mul(dpPercent);\n return DPPercent;\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n \n // If transfer amount is zero\n // emit event and stop execution\n if (value == 0) {\n emit Transfer(msg.sender, to, 0);\n return true;\n }\n\n \n \n // Calculate receiver balance\n // initial receive is full value\n uint256 tokensToTransfer = value;\n uint256 tokensToBurn = 0;\n uint256 tokensToDanPan = 0;\n \n \n // Change sender balance\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n\n // If the transaction is not whitelisted\n // calculate fees\n if (!_isWhitelisted(msg.sender, to)) {\n \n tokensToBurn = findOnePercent(value);\n tokensToDanPan = findDPPercent(value);\n\n // Subtract fees from receiver amount\n tokensToTransfer = value.sub(tokensToBurn).sub(tokensToDanPan);\n\n // Burn tokens\n _totalSupply = _totalSupply.sub(tokensToBurn);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n \n \n // Transfer balance to DanPan\n _balances[DanPanAddress] = _balances[DanPanAddress].add(tokensToDanPan);\n emit Transfer(msg.sender, DanPanAddress, tokensToDanPan);\n\n }\n\n // Sanity checks\n // no tokens where created\n 
assert(tokensToBurn.add(tokensToTransfer).add(tokensToDanPan) == value);\n\n // Add tokens to receiver\n _balances[to] = _balances[to].add(tokensToTransfer);\n emit Transfer(msg.sender, to, tokensToTransfer);\n \n \n \n return true;\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n require(value <= _balances[from]);\n require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n \n // If transfer amount is zero\n // emit event and stop execution\n if (value == 0) {\n emit Transfer(from, to, 0);\n return true;\n }\n\n // Calculate receiver balance\n // initial receive is full value\n uint256 tokensToTransfer = value;\n uint256 tokensToBurn = 0;\n uint256 tokensToDanPan = 0;\n \n // Change sender balance\n _balances[from] = _balances[from].sub(value);\n\n // If the 
transaction is not whitelisted\n // calculate fees\n if (!_isWhitelisted(from, to)) {\n \n tokensToBurn = findOnePercent(value);\n tokensToDanPan = findDPPercent(value);\n\n // Subtract fees from receiver amount\n tokensToTransfer = value.sub(tokensToBurn).sub(tokensToDanPan);\n\n // Burn tokens\n _totalSupply = _totalSupply.sub(tokensToBurn);\n emit Transfer(from, address(0), tokensToBurn);\n \n \n // Transfer balance to DanPan\n _balances[DanPanAddress] = _balances[DanPanAddress].add(tokensToDanPan);\n emit Transfer(from, DanPanAddress, tokensToDanPan);\n\n }\n\n // Sanity checks\n // no tokens where created\n assert(tokensToBurn.add(tokensToTransfer).add(tokensToDanPan) == value);\n\n // Add tokens to receiver\n _balances[to] = _balances[to].add(tokensToTransfer);\n\t_allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n emit Transfer(from, to, tokensToTransfer);\n \n \n \n return true;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= 
_value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n function NewDanPanAddress(address newDanPanaddress) external onlyOwner {\n require(newDanPanaddress != address(0));\n emit DanPanAddressChanged(DanPanAddress, newDanPanaddress);\n DanPanAddress = newDanPanaddress;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function 
NewDanPanPercent(uint256 newDanPanpercent) external onlyOwner {\n emit DanPanPercentChanged(dpPercent, newDanPanpercent);\n dpPercent = newDanPanpercent;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n function _isWhitelisted(address _from, address _to) internal view returns (bool) {\n \n return whitelistFrom[_from]||whitelistTo[_to];\n}\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function setWhitelistedTo(address _addr, bool _whitelisted) external onlyOwner {\n emit WhitelistTo(_addr, _whitelisted);\n whitelistTo[_addr] = _whitelisted;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n function setWhitelistedFrom(address _addr, bool _whitelisted) external onlyOwner {\n emit WhitelistFrom(_addr, _whitelisted);\n whitelistFrom[_addr] = _whitelisted;\n}\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n"
+ },
+ {
+ "contract": "buggy_5.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.4.22;\n\ncontract Ownable {\nmapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n address public owner;\n\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the 
contract to the sender\n * account.\n */\n constructor () public {\n owner = msg.sender;\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n}\n\ncontract TokenERC20 {\n // Public variables of the token\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n string public name;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n string public symbol;\n function 
bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public totalSupply;\n\n // This creates an array with all balances\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n mapping (address => uint256) public balanceOf;\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount 
burnt\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value > balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. 
They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` in behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens in your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns 
(bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n /**\n * Set allowance for other address and notify\n \n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract TTC is Ownable, TokenERC20 {\n\n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction 
withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n uint256 public sellPrice;\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n uint256 public buyPrice;\n\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => bool) public frozenAccount;\n\n /* This generates a public event on the blockchain that will notify clients */\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event FrozenFunds(address target, bool frozen);\n\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {}\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /* Internal transfer, only can be called by this contract */\n function _transfer(address _from, address _to, uint _value) internal {\n require (_to != address(0x0)); // Prevent transfer to 0x0 address. 
Use burn() instead\n require (balanceOf[_from] >= _value); // Check if the sender has enough\n require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows\n require(!frozenAccount[_from]); // Check if sender is frozen\n require(!frozenAccount[_to]); // Check if recipient is frozen\n balanceOf[_from] -= _value; // Subtract from the sender\n balanceOf[_to] += _value; // Add the same to the recipient\n emit Transfer(_from, _to, _value);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /// @notice Create `mintedAmount` tokens and send it to `target`\n /// @param target Address to receive the tokens\n /// @param mintedAmount the amount of tokens it will receive\n function mintToken(address target, uint256 mintedAmount) onlyOwner public {\n balanceOf[target] += mintedAmount;\n totalSupply += mintedAmount;\n emit Transfer(address(0), address(this), mintedAmount);\n emit Transfer(address(this), target, mintedAmount);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /// @notice `freeze? 
Prevent | Allow` `target` from sending & receiving tokens\n /// @param target Address to be frozen\n /// @param freeze either to freeze it or not\n function freezeAccount(address target, bool freeze) onlyOwner public {\n frozenAccount[target] = freeze;\n emit FrozenFunds(target, freeze);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth\n /// @param newSellPrice Price the users can sell to the contract\n /// @param newBuyPrice Price users can buy from the contract\n function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public {\n sellPrice = newSellPrice;\n buyPrice = newBuyPrice;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /// @notice Buy tokens from contract by sending ether\n function buy() payable public {\n uint amount = msg.value / buyPrice; // calculates the amount\n _transfer(address(this), msg.sender, amount); // makes the transfers\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /// @notice Sell `amount` tokens to contract\n /// @param amount amount of tokens to be sold\n function sell(uint256 amount) public {\n address myAddress = address(this);\n require(myAddress.balance >= amount * sellPrice); // checks if the contract has enough ether to buy\n _transfer(msg.sender, address(this), amount); // makes the transfers\n msg.sender.transfer(amount * sellPrice); // sends ether to the seller. 
It's important to do this last to avoid recursion attacks\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}"
+ },
+ {
+ "contract": "buggy_49.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11;\n\ncontract TAMC {\n mapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n mapping (address => uint256) public balanceOf;\n\n mapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n string public name = \"TAMC\";\n function bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n string public symbol = \"TAMC\";\n function bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 public decimals = 18;\n uint256 public totalSupply = 1000000000 * (uint256(10) ** decimals);\n\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n constructor() public {\n balanceOf[msg.sender] = totalSupply;\n emit Transfer(address(0), msg.sender, totalSupply);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transfer(address to, uint256 value) public returns (bool success) {\n require(balanceOf[msg.sender] >= value);\n balanceOf[msg.sender] -= value;\n balanceOf[to] += value;\n emit 
Transfer(msg.sender, to, value);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n mapping(address => mapping(address => uint256)) public allowance;\n\n function approve(address spender, uint256 value)\n public\n returns (bool success)\n {\n allowance[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n function transferFrom(address from, address to, uint256 value)\n public\n returns (bool success)\n {\n require(value <= balanceOf[from]);\n require(value <= allowance[from][msg.sender]);\n\n balanceOf[from] -= value;\n balanceOf[to] += value;\n allowance[from][msg.sender] -= value;\n emit Transfer(from, to, value);\n return true;\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n"
+ },
+ {
+ "contract": "buggy_16.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-28\n*/\n\n/*\n * website: 
https://exclusiveplatform.com\n*/\n\npragma solidity ^0.5.11;\n\n/**\n * @title SafeMath\n */\nlibrary SafeMath {\n\n /**\n * @dev Multiplies two numbers, throws on overflow.\n */\n function mul(uint a, uint b) internal pure returns (uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\n\n /**\n * @dev Integer division of two numbers, truncating the quotient.\n */\n function div(uint a, uint b) internal pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\n\n /**\n * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint a, uint b) internal pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\n\n /**\n * @dev Adds two numbers, throws on overflow.\n */\n function add(uint a, uint b) internal pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\n}\n\n\ncontract ERC20Interface {\n function totalSupply() public view returns (uint256);\nfunction bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n function balanceOf(address tokenOwner) public view returns (uint256 balance);\nmapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n function allowance(address tokenOwner, address spender) public view returns (uint256 remaining);\nmapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n function transfer(address to, uint256 tokens) public returns (bool success);\nmapping(address => uint) 
balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n function approve(address spender, uint256 tokens) public returns (bool success);\nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n function transferFrom(address from, address to, uint256 tokens) public returns (bool success);\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n\n function bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 tokens);\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event Approval(address indexed tokenOwner, address indexed spender, uint256 tokens);\n}\n\n\ncontract Owned {\n address payable public owner;\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw 
= vundflw -10; // underflow bug\n}\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address payable newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n}\n\ncontract ExclusivePlatform is ERC20Interface, Owned {\n \n using SafeMath for uint256;\n \n mapping (address => uint256) balances;\n mapping(address => uint) balances_intou18;\n\nfunction transfer_intou18(address _to, uint _value) public returns (bool) {\n require(balances_intou18[msg.sender] - _value >= 0); //bug\n balances_intou18[msg.sender] -= _value; //bug\n balances_intou18[_to] += _value; //bug\n return true;\n }\n mapping (address => mapping (address => uint256)) allowed;\n\n mapping(address => uint) public lockTime_intou29;\n\nfunction increaseLockTime_intou29(uint _secondsToIncrease) public {\n lockTime_intou29[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou29() public {\n require(now > lockTime_intou29[msg.sender]); \n uint transferValue_intou29 = 10; \n msg.sender.transfer(transferValue_intou29);\n }\n string public name = \"Exclusive Platform\";\n mapping(address => uint) balances_intou6;\n\nfunction transfer_intou62(address _to, uint _value) public returns (bool) {\n require(balances_intou6[msg.sender] - _value >= 0); //bug\n balances_intou6[msg.sender] -= _value; 
//bug\n balances_intou6[_to] += _value; //bug\n return true;\n }\n string public symbol = \"XPL\";\n function bug_intou16(uint8 p_intou16) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou16; // overflow bug\n}\n uint256 public decimals = 8;\n function bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n uint256 public _totalSupply;\n \n mapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n uint256 public XPLPerEther = 8000000e8;\n uint256 public minimumBuy = 1 ether / 100;\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n bool public crowdsaleIsOn = true;\n \n //mitigates the ERC20 short address attack\n //suggested by izqui9 @ http://bit.ly/2NMMCNv\n modifier onlyPayloadSize(uint size) {\n assert(msg.data.length >= size + 4);\n _;\n }\n\n constructor () public {\n _totalSupply = 10000000000e8;\n balances[owner] = _totalSupply;\n emit Transfer(address(0), owner, _totalSupply);\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint 
transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n \n function updateXPLPerEther(uint _XPLPerEther) public onlyOwner { \n emit NewPrice(owner, XPLPerEther, _XPLPerEther);\n XPLPerEther = _XPLPerEther;\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function switchCrowdsale() public onlyOwner {\n crowdsaleIsOn = !(crowdsaleIsOn);\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function getBonus(uint256 _amount) internal view returns (uint256) {\n if (_amount >= XPLPerEther.mul(5)) {\n /*\n * 20% bonus for 5 eth above\n */\n return ((20 * _amount).div(100)).add(_amount); \n } else if (_amount >= XPLPerEther) {\n /*\n * 5% bonus for 1 eth above\n */\n return ((5 * _amount).div(100)).add(_amount); \n }\n return _amount;\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n \n function () payable external {\n require(crowdsaleIsOn && msg.value >= minimumBuy);\n \n uint256 totalBuy = (XPLPerEther.mul(msg.value)).div(1 ether);\n totalBuy = getBonus(totalBuy);\n \n doTransfer(owner, msg.sender, totalBuy);\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > 
lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n \n function distribute(address[] calldata _addresses, uint256 _amount) external { \n for (uint i = 0; i < _addresses.length; i++) {transfer(_addresses[i], _amount);}\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function distributeWithAmount(address[] calldata _addresses, uint256[] calldata _amounts) external {\n require(_addresses.length == _amounts.length);\n for (uint i = 0; i < _addresses.length; i++) {transfer(_addresses[i], _amounts[i]);}\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n /// @dev This is the actual transfer function in the token contract, it can\n /// only be called by other functions in this contract.\n /// @param _from The address holding the tokens being transferred\n /// @param _to The address of the recipient\n /// @param _amount The amount of tokens to be transferred\n /// @return True if the transfer was successful\n function doTransfer(address _from, address _to, uint _amount) internal {\n // Do not allow transfer to 0x0 or the token contract itself\n require((_to != address(0)));\n require(_amount <= balances[_from]);\n balances[_from] = balances[_from].sub(_amount);\n balances[_to] = balances[_to].add(_amount);\n emit Transfer(_from, _to, _amount);\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n \n function balanceOf(address _owner) view public returns (uint256) {\n return balances[_owner];\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n \n 
function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) {\n doTransfer(msg.sender, _to, _amount);\n return true;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n /// @return The balance of `_owner`\n function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) {\n require(allowed[_from][msg.sender] >= _amount);\n allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount);\n doTransfer(_from, _to, _amount);\n return true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n /// @notice `msg.sender` approves `_spender` to spend `_amount` tokens on\n /// its behalf. 
This is a modified version of the ERC20 approve function\n /// to be a little bit safer\n /// @param _spender The address of the account able to transfer the tokens\n /// @param _amount The amount of tokens to be approved for transfer\n /// @return True if the approval was successful\n function approve(address _spender, uint256 _amount) public returns (bool success) {\n // To change the approve amount you first have to reduce the addresses`\n // allowance to zero by calling `approve(_spender,0)` if it is not\n // already 0 to mitigate the race condition described here:\n // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n require((_amount == 0) || (allowed[msg.sender][_spender] == 0));\n allowed[msg.sender][_spender] = _amount;\n emit Approval(msg.sender, _spender, _amount);\n return true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function allowance(address _owner, address _spender) view public returns (uint256) {\n return allowed[_owner][_spender];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function transferEther(address payable _receiver, uint256 _amount) public onlyOwner {\n require(_amount <= address(this).balance);\n emit TransferEther(address(this), _receiver, _amount);\n _receiver.transfer(_amount);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n function withdrawFund() onlyOwner public {\n uint256 balance = address(this).balance;\n owner.transfer(balance);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n 
balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n \n function burn(uint256 _value) onlyOwner public {\n require(_value <= balances[msg.sender]);\n address burner = msg.sender;\n balances[burner] = balances[burner].sub(_value);\n _totalSupply = _totalSupply.sub(_value);\n emit Burn(burner, _value);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n \n function getForeignTokenBalance(address tokenAddress, address who) view public returns (uint){\n ERC20Interface token = ERC20Interface(tokenAddress);\n uint bal = token.balanceOf(who);\n return bal;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function withdrawForeignTokens(address tokenAddress) onlyOwner public returns (bool) {\n ERC20Interface token = ERC20Interface(tokenAddress);\n uint256 amount = token.balanceOf(address(this));\n return token.transfer(owner, amount);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event TransferEther(address indexed _from, address indexed _to, uint256 _value);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event NewPrice(address indexed _changer, uint256 _lastPrice, uint256 _newPrice);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Burn(address indexed _burner, uint256 value);\n\n}\n" + }, + { + "contract": 
"buggy_39.sol", + "label": "arithmetic", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-26\n*/\n\npragma solidity ^0.5.10;\n\ncontract TAMCContract {\n mapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n mapping (address => uint256) public balanceOf;\n\n mapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n string public name = \"TAMC\";\n function bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n string public symbol = \"TAMC\";\n function bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 public decimals = 18;\n uint256 public totalSupply = 1000000000 * (uint256(10) ** decimals);\n\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n constructor() public {\n balanceOf[msg.sender] = totalSupply;\n emit Transfer(address(0), msg.sender, totalSupply);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transfer(address to, uint256 value) public returns (bool success) {\n require(balanceOf[msg.sender] >= value);\n balanceOf[msg.sender] -= value;\n balanceOf[to] += value;\n emit Transfer(msg.sender, to, value);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n 
mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n mapping(address => mapping(address => uint256)) public allowance;\n\n function approve(address spender, uint256 value)\n public\n returns (bool success)\n {\n allowance[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n function transferFrom(address from, address to, uint256 value)\n public\n returns (bool success)\n {\n require(value <= balanceOf[from]);\n require(value <= allowance[from][msg.sender]);\n\n balanceOf[from] -= value;\n balanceOf[to] += value;\n allowance[from][msg.sender] -= value;\n emit Transfer(from, to, value);\n return true;\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n"
+ },
+ {
+ "contract": "buggy_32.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, May 9, 2019\n (UTC) */\n\npragma solidity ^0.5.7;\n/**\n * \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 
\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557\n * \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2551\n * \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2551 \u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2588\u2588\u2554\u2588\u2588\u2551\n * \u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2554\u255d\u2588\u2588\u2551\n * \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u255a\u2550\u255d \u2588\u2588\u2551\n * \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d \n */\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error.\n */\nlibrary SafeMath {\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n}\n\n/**\n * Token contract interface for external use\n */\ncontract ERC20TokenInterface {\n\n function balanceOf(address _owner) public view returns (uint256 value);\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n function transfer(address _to, uint256 _value) public returns (bool success);\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function approve(address _spender, uint256 _value) public returns (bool success);\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n function allowance(address _owner, address _spender) public view returns (uint256 remaining);\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n }\n\n/**\n* @title Token definition\n* @dev Define token paramters including ERC20 ones\n*/\ncontract ERC20Token 
is ERC20TokenInterface {\n using SafeMath for uint256;\n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 public totalSupply;\n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n mapping (address => uint256) balances; //A mapping of all balances per address\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => mapping (address => uint256)) allowed; //A mapping of all allowances\n\n /**\n * @dev Get the balance of an specified address.\n * @param _owner The address to be query.\n */\n function balanceOf(address _owner) public view returns (uint256 value) {\n return balances[_owner];\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * @dev transfer token to a specified address\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev transfer token from an address to another specified address using 
allowance\n * @param _from The address where token comes.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);\n balances[_from] = balances[_from].sub(_value);\n balances[_to] = balances[_to].add(_value);\n emit Transfer(_from, _to, _value);\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /**\n * @dev Assign allowance to an specified address to use the owner balance\n * @param _spender The address to be allowed to spend.\n * @param _value The amount to be allowed.\n */\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Get the allowance of an specified address to use another address balance.\n * @param _owner The address of the owner of the tokens.\n * @param _spender The address of the allowed spender.\n */\n function allowance(address _owner, address _spender) public view returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /**\n * @dev Log Events\n */\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public 
{\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\n/**\n* @title Asset\n* @dev Initial supply creation\n*/\ncontract AsseteGram is ERC20Token {\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n string public name = 'Electronic Gram';\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n uint8 public decimals = 3;\n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n string public symbol = 'eGram';\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n string public version = '2';\n\n constructor() public {\n address initialOwner = 0xac775cD446889ac167da466692449ece5439fc12;\n totalSupply = 180000000 * (10**uint256(decimals)); //initial token creation\n balances[initialOwner] = totalSupply;\n emit Transfer(address(0), initialOwner, balances[initialOwner]);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n /**\n *@dev Function to handle callback calls\n */\n 
function() external {\n revert();\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n}\n"
+ },
+ {
+ "contract": "buggy_50.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11;\n\ncontract digitalNotary\n{\n \n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n address payable private manager;\n \n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n bool private contractactive;\n \n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n uint private hashfee;\n \n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint private changehashownerfee;\n \n struct HashRegistration \n {\n address owner;\n uint registrationtime;\n }\n \n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n 
msg.sender.transfer(transferValue_intou9);\n }\n mapping(bytes32 => HashRegistration[]) HashList;\n \n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n uint private HashListLength;\n \n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event RegisterHashEvent(address indexed msgsender, bytes32 indexed hash, uint timestamp);\n \n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event ChangeHashOwnershipEvent(address indexed msgsender, address indexed newowner, bytes32 indexed hash, uint timestamp);\n \n constructor() public\n {\n\n manager = msg.sender;\n \n contractactive = true;\n \n hashfee = 5000000000000000;\n \n changehashownerfee = 25000000000000000;\n \n HashListLength = 0;\n \n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n modifier onlyManager()\n {\n require(msg.sender == manager);\n _;\n }\n \n \n function gethashfee() external view returns(uint)\n {\n return hashfee;\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n \n function sethashfee(uint newfee) external onlyManager\n {\n 
require(newfee >= 0);\n \n hashfee = newfee;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n \n function getchangehashownerfee() external view returns(uint)\n {\n return changehashownerfee;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n \n function setchangehashownerfee(uint newfee) external onlyManager\n {\n require(newfee >= 0);\n \n changehashownerfee = newfee;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n \n function getcontractactive() external view returns (bool)\n {\n return contractactive;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n \n function setcontractactive(bool contactive) external onlyManager\n {\n contractactive = contactive;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function getmanager() external view returns(address)\n {\n return manager;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function setmanager(address payable newmngr) external onlyManager\n {\n require(newmngr.balance > 0);\n manager = newmngr;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n function getcontractbalance() public view returns(uint)\n {\n \n return address(this).balance;\n }\nmapping(address => 
uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n \n function transfercontractbalance() external onlyManager\n {\n uint cb = address(this).balance;\n \n require(cb > 0);\n \n manager.transfer(cb);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n function getHashOwnersCount(bytes32 hash) public view returns(uint)\n {\n return HashList[hash].length;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function getNumberofHashesRegistered() external view returns(uint)\n {\n return HashListLength;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n function getHashDetails(bytes32 hash,uint indx) external view returns (address,uint)\n {\n\n uint owncount = getHashOwnersCount(hash);\n require(owncount > 0);\n require(indx < owncount);\n \n return (HashList[hash][indx].owner,HashList[hash][indx].registrationtime);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function registerHash(bytes32 hash) external payable\n {\n \n require(contractactive == true);\n require(getHashOwnersCount(hash) == 0);\n require(msg.value == hashfee);\n \n HashRegistration memory thisregistration;\n thisregistration.owner = msg.sender;\n thisregistration.registrationtime = now;\n \n HashList[hash].push(thisregistration);\n \n HashListLength++;\n \n emit RegisterHashEvent(thisregistration.owner, hash, thisregistration.registrationtime);\n \n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n function 
changeHashOwnership(bytes32 hash, address newowner) external payable\n {\n \n require(contractactive == true);\n uint owncount = getHashOwnersCount(hash);\n require(owncount > 0);\n require(msg.sender == HashList[hash][owncount - 1].owner); \n require(msg.value == changehashownerfee);\n \n HashRegistration memory thisregistration;\n thisregistration.owner = newowner;\n thisregistration.registrationtime = now;\n \n HashList[hash].push(thisregistration);\n \n emit ChangeHashOwnershipEvent(msg.sender, thisregistration.owner, hash, thisregistration.registrationtime);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n \n function () external\n {\n \t\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n"
+ },
+ {
+ "contract": "buggy_40.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\npragma solidity ^0.5.0;\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. 
This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. 
The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP. 
Does not include\n * the optional functions; to access them see `ERC20Detailed`.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a `Transfer` event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through `transferFrom`. This is\n * zero by default.\n *\n * This value changes when `approve` or `transferFrom` are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * > Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an `Approval` event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. 
`amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a `Transfer` event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to `approve`. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n\n/**\n * @dev Implementation of the `IERC20` interface.\n *\n * This implementation is agnostic to the way tokens are created. This means\n * that a supply mechanism has to be added in a derived contract using `_mint`.\n * For a generic mechanism see `ERC20Mintable`.\n *\n * *For a detailed writeup see our guide [How to implement supply\n * mechanisms](https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226).*\n *\n * We have followed general OpenZeppelin guidelines: functions revert instead\n * of returning `false` on failure. This behavior is nonetheless conventional\n * and does not conflict with the expectations of ERC20 applications.\n *\n * Additionally, an `Approval` event is emitted on calls to `transferFrom`.\n * This allows applications to reconstruct the allowance for all accounts just\n * by listening to said events. Other implementations of the EIP may not emit\n * these events, as it isn't required by the specification.\n *\n * Finally, the non-standard `decreaseAllowance` and `increaseAllowance`\n * functions have been added to mitigate the well-known issues around setting\n * allowances. 
See `IERC20.approve`.\n */\ncontract ERC20 is IERC20 {\n using SafeMath for uint256;\n\n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n mapping (address => uint256) private _balances;\n\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n mapping (address => mapping (address => uint256)) private _allowances;\n\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 private _totalSupply;\n\n /**\n * @dev See `IERC20.totalSupply`.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev See `IERC20.balanceOf`.\n */\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account];\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n /**\n * @dev See `IERC20.transfer`.\n *\n * Requirements:\n *\n * - `recipient` cannot be the zero address.\n * - the caller must have a balance of at least `amount`.\n */\n function transfer(address recipient, uint256 
amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n /**\n * @dev See `IERC20.allowance`.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev See `IERC20.approve`.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n /**\n * @dev See `IERC20.transferFrom`.\n *\n * Emits an `Approval` event indicating the updated allowance. This is not\n * required by the EIP. 
See the note at the beginning of `ERC20`;\n *\n * Requirements:\n * - `sender` and `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `value`.\n * - the caller must have allowance for `sender`'s tokens of at least\n * `amount`.\n */\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Atomically increases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Atomically decreases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `spender` must have allowance for the caller of at least\n * `subtractedValue`.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) 
public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev Moves tokens `amount` from `sender` to `recipient`.\n *\n * This is internal function is equivalent to `transfer`, and can be used to\n * e.g. implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a `Transfer` event.\n *\n * Requirements:\n *\n * - `sender` cannot be the zero address.\n * - `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `amount`.\n */\n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[sender] = _balances[sender].sub(amount);\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /** @dev Creates `amount` tokens and assigns them to `account`, increasing\n * the total supply.\n *\n * Emits a `Transfer` event with `from` set to the zero address.\n *\n * Requirements\n *\n * - `to` cannot be the zero address.\n */\n function _mint(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: mint to the zero address\");\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * @dev Destoys `amount` tokens 
from `account`, reducing the\n * total supply.\n *\n * Emits a `Transfer` event with `to` set to the zero address.\n *\n * Requirements\n *\n * - `account` cannot be the zero address.\n * - `account` must have at least `amount` tokens.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0), \"ERC20: burn from the zero address\");\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.\n *\n * This is internal function is equivalent to `approve`, and can be used to\n * e.g. set automatic allowances for certain subsystems, etc.\n *\n * Emits an `Approval` event.\n *\n * Requirements:\n *\n * - `owner` cannot be the zero address.\n * - `spender` cannot be the zero address.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /**\n * @dev Destoys `amount` tokens from `account`.`amount` is then deducted\n * from the caller's allowance.\n *\n * See `_burn` and `_approve`.\n */\n function _burnFrom(address account, uint256 amount) internal {\n _burn(account, amount);\n _approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\n/**\n * @dev Optional functions from the ERC20 standard.\n */\ncontract ERC20Detailed is IERC20 {\n mapping(address => 
uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n string private _name;\n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n string private _symbol;\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 private _decimals;\n\n /**\n * @dev Sets the values for `name`, `symbol`, and `decimals`. All three of\n * these values are immutable: they can only be set once during\n * construction.\n */\n constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /**\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n /**\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n 
}\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Returns the number of decimals used to get its user representation.\n * For example, if `decimals` equals `2`, a balance of `505` tokens should\n * be displayed to a user as `5,05` (`505 / 10 ** 2`).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * > Note that this information is only used for _display_ purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * `IERC20.balanceOf` and `IERC20.transfer`.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract SimpleSwapCoin is ERC20, ERC20Detailed {\n constructor() ERC20Detailed(\"SimpleSwap Coin\", \"SWAP\", 8) public {\n _mint(msg.sender, 100000000 * (10 ** 8));\n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_38.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-26\n*/\n\npragma solidity ^0.5.0;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event 
Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract ERC20Detailed is IERC20 {\n\nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n string private _name;\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n string private _symbol;\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function name() public view returns(string memory) {\n return _name;\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n 
balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function symbol() public view returns(string memory) {\n return _symbol;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n}\n\ncontract BIGBOMBv2 is ERC20Detailed {\n\n using SafeMath for uint256;\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n mapping (address => uint256) private _balances;\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n string constant tokenName = \"BIGBOMB\";\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n 
require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n string constant tokenSymbol = \"BBOMB\";\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 constant tokenDecimals = 18;\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 _totalSupply = 800000000000000000000000;\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n uint256 public basePercent = 100;\n\n constructor() public payable ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function allowance(address owner, address 
spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function findfourPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 fourPercent = roundValue.mul(basePercent).div(2500);\n return fourPercent;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n\n uint256 tokensToBurn = findfourPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n _balances[to] = _balances[to].add(tokensToTransfer);\n\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n emit Transfer(msg.sender, to, tokensToTransfer);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit 
Approval(msg.sender, spender, value);\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n require(value <= _balances[from]);\n require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n\n uint256 tokensToBurn = findfourPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[to] = _balances[to].add(tokensToTransfer);\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n _allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n\n emit Transfer(from, to, tokensToTransfer);\n emit Transfer(from, address(0), tokensToBurn);\n\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nmapping(address => uint) public 
lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_35.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11; \n /* \n ___________________________________________________________________\n _ _ ______ \n | | / / / \n --|-/|-/-----__---/----__----__---_--_----__-------/-------__------\n |/ |/ /___) / / ' / ) / / ) /___) / / ) \n __/__|____(___ _/___(___ _(___/_/_/__/_(___ _____/______(___/__o_o_\n \n \n \n \n \u2588\u2588\u2588\u2588\u2588\u2588\u2557 
\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557\n \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551\u255a\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u255a\u2588\u2588\u2557 \u2588\u2588\u2554\u255d\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557 \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u255a\u2588\u2588\u2557\u2588\u2588\u2554\u255d\n \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2557 \u255a\u2588\u2588\u2588\u2554\u255d \n \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2554\u2550\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551 \u255a\u2588\u2588\u2554\u255d \u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557 \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2554\u2588\u2588\u2557 \n \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551 
\u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2554\u255d \u2588\u2588\u2557\n \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\n \n \n \n \n------------------------------------------------------------------------------------------------------\n Copyright (c) 2019 Onwards Bitpayer Inc. ( https://dex.bitpayer.io )\n Contract designed with \u2764 by EtherAuthority ( https://EtherAuthority.io )\n------------------------------------------------------------------------------------------------------\n*/\n\n\n//*******************************************************************\n//------------------------ SafeMath Library -------------------------\n//*******************************************************************\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * 
overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. 
This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\n\n//*******************************************************************//\n//------------------ Contract to Manage Ownership -------------------//\n//*******************************************************************//\n \ncontract owned {\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n address public owner;\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n address private newOwner;\n\n\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n event OwnershipTransferred(uint256 curTime, address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n\n function onlyOwnerTransferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n 
//this flow is to prevent transferring ownership to wrong wallet by mistake\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(now, owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n}\n\ninterface ERC20Essential \n{\n\n function transfer(address _to, uint256 _amount) external returns (bool);\n function transferFrom(address _from, address _to, uint256 _amount) external returns (bool);\n\n}\n\n\ncontract BitpayerDEX is owned {\n using SafeMath for uint256;\nmapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n bool public safeGuard; // To hault all non owner functions in case of imergency - by default false\nmapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n address public feeAccount; //the account that will receive fees\nmapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return 
true;\n }\n uint public tradingFee = 50; // 50 = 0.5%\n \nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n mapping (address => mapping (address => uint)) public tokens; //mapping of token addresses to mapping of account balances (token=0 means Ether)\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n mapping (address => mapping (bytes32 => bool)) public orders; //mapping of user accounts to mapping of order hashes to booleans (true = submitted by user, equivalent to offchain signature)\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping (address => mapping (bytes32 => uint)) public orderFills; //mapping of user accounts to mapping of order hashes to uints (amount of order that has been filled)\n \nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Order(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user);\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event Cancel(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s);\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n 
event Trade(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, address get, address give);\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Deposit(uint256 curTime, address token, address user, uint amount, uint balance);\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Withdraw(uint256 curTime, address token, address user, uint amount, uint balance);\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event OwnerWithdrawTradingFee(address indexed owner, uint256 amount);\n\n\n\n constructor() public {\n feeAccount = msg.sender;\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function changeSafeguardStatus() onlyOwner public\n {\n if (safeGuard == false)\n {\n safeGuard = true;\n }\n else\n {\n safeGuard = false; \n }\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n //Calculate percent and return result\n function calculatePercentage(uint256 PercentOf, uint256 percentTo ) internal pure returns (uint256) \n {\n uint256 factor = 10000;\n require(percentTo <= factor);\n uint256 c = PercentOf.mul(percentTo).div(factor);\n return c;\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint 
_secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n } \n\n\n\n \n // contract without fallback automatically reject incoming ether\n // function() external { }\n\n\n function changeFeeAccount(address feeAccount_) public onlyOwner {\n feeAccount = feeAccount_;\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n function changetradingFee(uint tradingFee_) public onlyOwner{\n //require(tradingFee_ <= tradingFee);\n tradingFee = tradingFee_;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function availableTradingFeeOwner() public view returns(uint256){\n //it only holds ether as fee\n return tokens[address(0)][feeAccount];\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n \n function withdrawTradingFeeOwner() public onlyOwner returns (string memory){\n uint256 amount = availableTradingFeeOwner();\n require (amount > 0, 'Nothing to withdraw');\n \n tokens[address(0)][feeAccount] = 0;\n \n msg.sender.transfer(amount);\n \n emit OwnerWithdrawTradingFee(owner, amount);\n \n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function deposit() public payable {\n 
tokens[address(0)][msg.sender] = tokens[address(0)][msg.sender].add(msg.value);\n emit Deposit(now, address(0), msg.sender, msg.value, tokens[address(0)][msg.sender]);\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function withdraw(uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n require(tokens[address(0)][msg.sender] >= amount);\n tokens[address(0)][msg.sender] = tokens[address(0)][msg.sender].sub(amount);\n msg.sender.transfer(amount);\n emit Withdraw(now, address(0), msg.sender, amount, tokens[address(0)][msg.sender]);\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function depositToken(address token, uint amount) public {\n //remember to call Token(address).approve(this, amount) or this contract will not be able to do the transfer on your behalf.\n require(token!=address(0));\n require(ERC20Essential(token).transferFrom(msg.sender, address(this), amount));\n tokens[token][msg.sender] = tokens[token][msg.sender].add(amount);\n emit Deposit(now, token, msg.sender, amount, tokens[token][msg.sender]);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\t\n function withdrawToken(address token, uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n require(token!=address(0));\n require(tokens[token][msg.sender] >= amount);\n tokens[token][msg.sender] = tokens[token][msg.sender].sub(amount);\n\t ERC20Essential(token).transfer(msg.sender, amount);\n emit Withdraw(now, token, msg.sender, amount, tokens[token][msg.sender]);\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // 
underflow bug\n}\n\n function balanceOf(address token, address user) public view returns (uint) {\n return tokens[token][user];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function order(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce) public {\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n orders[msg.sender][hash] = true;\n emit Order(now, tokenGet, amountGet, tokenGive, amountGive, expires, nonce, msg.sender);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function trade(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s, uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n //amount is in amountGet terms\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n require((\n (orders[user][hash] || ecrecover(keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash)),v,r,s) == user) &&\n block.number <= expires &&\n orderFills[user][hash].add(amount) <= amountGet\n ));\n tradeBalances(tokenGet, amountGet, tokenGive, amountGive, user, amount);\n orderFills[user][hash] = orderFills[user][hash].add(amount);\n emit Trade(now, tokenGet, amount, tokenGive, amountGive * amount / amountGet, user, msg.sender);\n }\n\n function tradeBalances(address tokenGet, uint amountGet, address tokenGive, uint amountGive, address user, uint amount) internal {\n \n uint tradingFeeXfer = calculatePercentage(amount,tradingFee);\n tokens[tokenGet][msg.sender] = 
tokens[tokenGet][msg.sender].sub(amount.add(tradingFeeXfer));\n tokens[tokenGet][user] = tokens[tokenGet][user].add(amount.sub(tradingFeeXfer));\n tokens[address(0)][feeAccount] = tokens[address(0)][feeAccount].add(tradingFeeXfer);\n\n tokens[tokenGive][user] = tokens[tokenGive][user].sub(amountGive.mul(amount) / amountGet);\n tokens[tokenGive][msg.sender] = tokens[tokenGive][msg.sender].add(amountGive.mul(amount) / amountGet);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function testTrade(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s, uint amount, address sender) public view returns(bool) {\n \n if (!(\n tokens[tokenGet][sender] >= amount &&\n availableVolume(tokenGet, amountGet, tokenGive, amountGive, expires, nonce, user, v, r, s) >= amount\n )) return false;\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function availableVolume(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s) public view returns(uint) {\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n uint available1;\n if (!(\n (orders[user][hash] || ecrecover(keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash)),v,r,s) == user) &&\n block.number <= expires\n )) return 0;\n available1 = tokens[tokenGive][user].mul(amountGet) / amountGive;\n \n if (amountGet.sub(orderFills[user][hash]) uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n 
require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /// @notice `msg.sender` approves `_spender` to spend `_value` tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @param _value The amount of tokens to be approved for transfer\n /// @return Whether the approval was successful or not\n function approve(address _spender, uint256 _value) public returns (bool success);\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /// @param _owner The address of the account owning tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @return Amount of remaining tokens allowed to spent\n function allowance(address _owner, address _spender) public view returns (uint256 remaining);\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n // solhint-disable-next-line no-simple-event-func-name\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\ncontract HotDollarsToken is EIP20Interface {\n uint256 constant 
private MAX_UINT256 = 2**256 - 1;\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n mapping (address => uint256) public balances;\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n mapping (address => mapping (address => uint256)) public allowed;\n /*\n NOTE:\n The following variables are OPTIONAL vanities. One does not have to include them.\n They allow one to customise the token contract & in no way influences the core functionality.\n Some wallets/interfaces might not even bother to look at this information.\n */\n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n string public name; //fancy name: eg Simon Bucks\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n uint8 public decimals; //How many decimals to show.\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n string public symbol; //An identifier: eg SBX\n\n constructor() public {\n totalSupply = 3 * 1e28; \n name = \"HotDollars Token\"; \n decimals = 18; \n symbol = \"HDS\";\n balances[msg.sender] = totalSupply; \n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transfer(address _to, uint256 _value) public returns (bool success) {\n require(balances[msg.sender] >= _value);\n balances[msg.sender] -= _value;\n balances[_to] += _value;\n 
emit Transfer(msg.sender, _to, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n uint256 allowance = allowed[_from][msg.sender];\n require(balances[_from] >= _value && allowance >= _value);\n balances[_to] += _value;\n balances[_from] -= _value;\n if (allowance < MAX_UINT256) {\n allowed[_from][msg.sender] -= _value;\n }\n emit Transfer(_from, _to, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function balanceOf(address _owner) public view returns (uint256 balance) {\n return balances[_owner];\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n function allowance(address _owner, address _spender) public view returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}"
+ },
+ {
+ "contract": "buggy_31.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 
2019-09-22\n*/\n\n\npragma solidity ^0.5.11;\n\n\ninterface IERC20 {\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n}\n\ninterface Marmo {\n function signer() external view returns (address _signer);\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * NOTE: This call _does not revert_ if the signature is invalid, or\n * if the signer is otherwise unable to be retrieved. In those scenarios,\n * the zero address is returned.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. 
A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise)\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n return (address(0));\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 < s < secp256k1n \u00f7 2 + 1, and for v in (282): v \u2208 {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. 
If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return address(0);\n }\n\n if (v != 27 && v != 28) {\n return address(0);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n return ecrecover(hash, v, r, s);\n }\n\n}\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be aplied to your functions to restrict their use to\n * the owner.\n */\ncontract Ownable {\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n address private _owner;\n\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor () internal {\n _owner = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view returns (address) {\n return _owner;\n }\nmapping(address => uint) 
balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(isOwner(), \"Ownable: caller is not the owner\");\n _;\n }\n\n /**\n * @dev Returns true if the caller is the current owner.\n */\n function isOwner() public view returns (bool) {\n return msg.sender == _owner;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n _transferOwnership(newOwner);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n */\n function _transferOwnership(address newOwner) internal {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n emit OwnershipTransferred(_owner, newOwner);\n _owner = newOwner;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n}\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked as\n * `nonReentrant` may not call one another. 
This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n */\ncontract ReentrancyGuard {\n // counter to allow mutex lock with only one SSTORE operation\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n uint256 private _guardCounter;\n\n constructor () internal {\n // The counter starts at one to prevent changing it from zero to a non-zero\n // value, which is a more expensive operation.\n _guardCounter = 1;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and make it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _guardCounter += 1;\n uint256 localCounter = _guardCounter;\n _;\n require(localCounter == _guardCounter, \"ReentrancyGuard: reentrant call\");\n }\n}\n\ncontract FeeTransactionManager is Ownable, ReentrancyGuard {\n \n function bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n IERC20 public token;\n function bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n address public relayer;\n \n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event NewRelayer(address _oldRelayer, address _newRelayer);\n \n constructor (address _tokenAddress, 
address _relayer) public {\n relayer = _relayer;\n token = IERC20(_tokenAddress);\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n function execute(\n address _to, \n uint256 _value, \n uint256 _fee, \n bytes calldata _signature\n ) nonReentrant external {\n require(tx.origin == relayer, \"Invalid transaction origin\");\n Marmo marmo = Marmo(msg.sender);\n bytes32 hash = keccak256(\n abi.encodePacked(\n _to,\n _value,\n _fee\n )\n );\n require(marmo.signer() == ECDSA.recover(hash, _signature), \"Invalid signature\");\n require(token.transferFrom(msg.sender, _to, _value));\n require(token.transferFrom(msg.sender, relayer, _fee));\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n \n function setRelayer(address _newRelayer) onlyOwner external {\n require(_newRelayer != address(0));\n emit NewRelayer(relayer, _newRelayer);\n relayer = _newRelayer;\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n}\n"
+ },
+ {
+ "contract": "buggy_18.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-28\n*/\n\npragma solidity >=0.5.9;\n \n// 'Yesbuzz' contract\n// Mineable & Deflationary ERC20 Token using Proof Of Work\n//\n// Symbol : YESBUZ\n// Name : Yesbuzz \n// Total supply: 21,000,000.00\n// Decimals : 8\n//\n// ----------------------------------------------------------------------------\n\n// ----------------------------------------------------------------------------\n// Safe maths\n// 
----------------------------------------------------------------------------\n\nlibrary SafeMath {\n\n function add(uint a, uint b) internal pure returns(uint c) {\n c = a + b;\n require(c >= a);\n }\n\n function sub(uint a, uint b) internal pure returns(uint c) {\n require(b <= a);\n c = a - b;\n }\n\n function mul(uint a, uint b) internal pure returns(uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\n\n function div(uint a, uint b) internal pure returns(uint c) {\n require(b > 0);\n c = a / b;\n }\n\n}\n\nlibrary ExtendedMath {\n\n //return the smaller of the two inputs (a or b)\n function limitLessThan(uint a, uint b) internal pure returns(uint c) {\n if (a > b) return b;\n return a;\n }\n}\n\n// ----------------------------------------------------------------------------\n// ERC Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n// ----------------------------------------------------------------------------\n\ncontract ERC20Interface {\n\n function totalSupply() public view returns(uint);\nfunction bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n function balanceOf(address tokenOwner) public view returns(uint balance);\nmapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n function allowance(address tokenOwner, address spender) public view returns(uint remaining);\nmapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n 
msg.sender.transfer(transferValue_intou21);\n }\n function transfer(address to, uint tokens) public returns(bool success);\nmapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n function approve(address spender, uint tokens) public returns(bool success);\nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n function transferFrom(address from, address to, uint tokens) public returns(bool success);\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event Transfer(address indexed from, address indexed to, uint tokens);\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n\n}\n\n// ----------------------------------------------------------------------------\n// Contract function to receive approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// ----------------------------------------------------------------------------\n\ncontract ApproveAndCallFallBack {\n\n function receiveApproval(address from, uint256 
tokens, address token, bytes memory data) public;\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n}\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\n\ncontract Owned {\n\n address public owner;\n address public newOwner;\n\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n}\n\n// 
----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and an\n// initial fixed supply\n// ----------------------------------------------------------------------------\n\ncontract _Yesbuzz is ERC20Interface, Owned {\n\n using SafeMath for uint;\n using ExtendedMath for uint;\n\n string public symbol;\n string public name;\n uint8 public decimals;\n uint public _totalSupply;\n uint public latestDifficultyPeriodStarted;\n uint public epochCount; //number of 'blocks' mined\n uint public _BLOCKS_PER_READJUSTMENT = 1024;\n\n //a little number\n uint public _MINIMUM_TARGET = 2 ** 16;\n\n //a big number is easier ; just find a solution that is smaller\n //uint public _MAXIMUM_TARGET = 2**224; bitcoin uses 224\n uint public _MAXIMUM_TARGET = 2 ** 234;\n uint public miningTarget;\n bytes32 public challengeNumber; //generate a new one when a new reward is minted\n uint public rewardEra;\n uint public maxSupplyForEra;\n address public lastRewardTo;\n mapping(address => uint) balances_intou18;\n\nfunction transfer_intou18(address _to, uint _value) public returns (bool) {\n require(balances_intou18[msg.sender] - _value >= 0); //bug\n balances_intou18[msg.sender] -= _value; //bug\n balances_intou18[_to] += _value; //bug\n return true;\n }\n uint public lastRewardAmount;\n mapping(address => uint) public lockTime_intou29;\n\nfunction increaseLockTime_intou29(uint _secondsToIncrease) public {\n lockTime_intou29[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou29() public {\n require(now > lockTime_intou29[msg.sender]); \n uint transferValue_intou29 = 10; \n msg.sender.transfer(transferValue_intou29);\n }\n uint public lastRewardEthBlockNumber;\n mapping(address => uint) balances_intou6;\n\nfunction transfer_intou62(address _to, uint _value) public returns (bool) {\n require(balances_intou6[msg.sender] - _value >= 0); //bug\n balances_intou6[msg.sender] -= _value; //bug\n 
balances_intou6[_to] += _value; //bug\n return true;\n }\n bool locked = false;\n function bug_intou16(uint8 p_intou16) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou16; // overflow bug\n}\n mapping(bytes32 => bytes32) solutionForChallenge;\n function bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n uint public tokensMinted;\n mapping(address => uint) balances;\n mapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n mapping(address => mapping(address => uint)) allowed;\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint public burnPercent;\n\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Mint(address indexed from, uint reward_amount, uint epochCount, bytes32 newChallengeNumber);\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n\n constructor() public onlyOwner {\n\n symbol = \"YESBUZ\";\n name = \"Yesbuzz\";\n decimals = 8;\n _totalSupply = 21000000 * 10 ** uint(decimals);\n if (locked) revert();\n locked = true;\n tokensMinted = 0;\n rewardEra = 0;\n maxSupplyForEra = _totalSupply.div(2);\n miningTarget = _MAXIMUM_TARGET;\n latestDifficultyPeriodStarted = block.number;\n 
burnPercent = 10; //it's divided by 1000, then 10/1000 = 0.01 = 1%\n _startNewMiningEpoch();\n\n //The owner gets nothing! You must mine this ERC20 token\n //balances[owner] = _totalSupply;\n //Transfer(address(0), owner, _totalSupply);\n\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function mint(uint256 nonce, bytes32 challenge_digest) public returns(bool success) {\n //the PoW must contain work that includes a recent ethereum block hash (challenge number) and the msg.sender's address to prevent MITM attacks\n bytes32 digest = keccak256(abi.encodePacked(challengeNumber, msg.sender, nonce));\n //the challenge digest must match the expected\n if (digest != challenge_digest) revert();\n //the digest must be smaller than the target\n if (uint256(digest) > miningTarget) revert();\n //only allow one reward for each challenge\n bytes32 solution = solutionForChallenge[challengeNumber];\n solutionForChallenge[challengeNumber] = digest;\n if (solution != 0x0) revert(); //prevent the same answer from awarding twice\n uint reward_amount = getMiningReward();\n balances[msg.sender] = balances[msg.sender].add(reward_amount);\n tokensMinted = tokensMinted.add(reward_amount);\n //Cannot mint more tokens than there are\n assert(tokensMinted <= maxSupplyForEra);\n //set readonly diagnostics data\n lastRewardTo = msg.sender;\n lastRewardAmount = reward_amount;\n lastRewardEthBlockNumber = block.number;\n _startNewMiningEpoch();\n emit Mint(msg.sender, reward_amount, epochCount, challengeNumber);\n return true;\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n //a new 'block' to be mined\n function 
_startNewMiningEpoch() internal {\n //if max supply for the era will be exceeded next reward round then enter the new era before that happens\n //40 is the final reward era, almost all tokens minted\n //once the final era is reached, more tokens will not be given out because the assert function\n if (tokensMinted.add(getMiningReward()) > maxSupplyForEra && rewardEra < 39) {\n rewardEra = rewardEra + 1;\n }\n //set the next minted supply at which the era will change\n // total supply is 2100000000000000 because of 8 decimal places\n maxSupplyForEra = _totalSupply - _totalSupply.div(2 ** (rewardEra + 1));\n epochCount = epochCount.add(1);\n //every so often, readjust difficulty. Dont readjust when deploying\n if (epochCount % _BLOCKS_PER_READJUSTMENT == 0) {\n _reAdjustDifficulty();\n }\n //make the latest ethereum block hash a part of the next challenge for PoW to prevent pre-mining future blocks\n //do this last since this is a protection mechanism in the mint() function\n challengeNumber = blockhash(block.number - 1);\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n //https://en.bitcoin.it/wiki/Difficulty#What_is_the_formula_for_difficulty.3F\n //as of 2017 the bitcoin difficulty was up to 17 zeroes, it was only 8 in the early days\n //readjust the target by 5 percent\n function _reAdjustDifficulty() internal {\n uint ethBlocksSinceLastDifficultyPeriod = block.number - latestDifficultyPeriodStarted;\n //assume 360 ethereum blocks per hour\n //we want miners to spend 10 minutes to mine each 'block', about 60 ethereum blocks = one BitcoinSoV epoch\n uint epochsMined = _BLOCKS_PER_READJUSTMENT; //256\n uint targetEthBlocksPerDiffPeriod = epochsMined * 60; 
//should be 60 times slower than ethereum\n //if there were less eth blocks passed in time than expected\n if (ethBlocksSinceLastDifficultyPeriod < targetEthBlocksPerDiffPeriod) {\n uint excess_block_pct = (targetEthBlocksPerDiffPeriod.mul(100)).div(ethBlocksSinceLastDifficultyPeriod);\n uint excess_block_pct_extra = excess_block_pct.sub(100).limitLessThan(1000);\n // If there were 5% more blocks mined than expected then this is 5. If there were 100% more blocks mined than expected then this is 100.\n //make it harder\n miningTarget = miningTarget.sub(miningTarget.div(2000).mul(excess_block_pct_extra)); //by up to 50 %\n } else {\n uint shortage_block_pct = (ethBlocksSinceLastDifficultyPeriod.mul(100)).div(targetEthBlocksPerDiffPeriod);\n uint shortage_block_pct_extra = shortage_block_pct.sub(100).limitLessThan(1000); //always between 0 and 1000\n //make it easier\n miningTarget = miningTarget.add(miningTarget.div(2000).mul(shortage_block_pct_extra)); //by up to 50 %\n }\n latestDifficultyPeriodStarted = block.number;\n if (miningTarget < _MINIMUM_TARGET) //very difficult\n {\n miningTarget = _MINIMUM_TARGET;\n }\n if (miningTarget > _MAXIMUM_TARGET) //very easy\n {\n miningTarget = _MAXIMUM_TARGET;\n }\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n //this is a recent ethereum block hash, used to prevent pre-mining future blocks\n function getChallengeNumber() public view returns(bytes32) {\n return challengeNumber;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n //the number of zeroes the digest of the PoW solution requires. 
Auto adjusts\n function getMiningDifficulty() public view returns(uint) {\n return _MAXIMUM_TARGET.div(miningTarget);\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function getMiningTarget() public view returns(uint) {\n return miningTarget;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n //21m coins total\n //reward begins at 50 and is cut in half every reward era (as tokens are mined)\n function getMiningReward() public view returns(uint) {\n //once we get half way thru the coins, only get 25 per block\n //every reward era, the reward amount halves.\n return (50 * 10 ** uint(decimals)).div(2 ** rewardEra);\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n //help debug mining software\n function getMintDigest(uint256 nonce, bytes32 challenge_number) public view returns(bytes32 digesttest) {\n bytes32 digest = keccak256(abi.encodePacked(challenge_number, msg.sender, nonce));\n return digest;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n //help debug mining software\n function checkMintSolution(uint256 nonce, bytes32 challenge_digest, bytes32 challenge_number, uint testTarget) public view returns(bool success) {\n bytes32 digest = keccak256(abi.encodePacked(challenge_number, msg.sender, nonce));\n if (uint256(digest) > testTarget) revert();\n return (digest == challenge_digest);\n }\nfunction 
bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n\n function totalSupply() public view returns(uint) {\n return _totalSupply - balances[address(0)];\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n\n function balanceOf(address tokenOwner) public view returns(uint balance) {\n return balances[tokenOwner];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n\n function transfer(address to, uint tokens) public returns(bool success) {\n\n uint toBurn = tokens.mul(burnPercent).div(1000);\n uint toSend = tokens.sub(toBurn);\n\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n\n balances[to] = balances[to].add(toSend);\n emit Transfer(msg.sender, to, toSend);\n\n balances[address(0)] = balances[address(0)].add(toBurn);\n emit Transfer(msg.sender, address(0), toBurn);\n\n return true;\n\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n // 
------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n\n function approve(address spender, uint tokens) public returns(bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n\n function transferFrom(address from, address to, uint tokens) public returns(bool success) {\n uint toBurn = tokens.mul(burnPercent).div(1000);\n uint toSend = tokens.sub(toBurn);\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(toSend);\n emit Transfer(from, to, toSend);\n balances[address(0)] = balances[address(0)].add(toBurn);\n emit Transfer(from, address(0), toBurn);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) 
public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n\n function allowance(address tokenOwner, address spender) public view returns(uint remaining) {\n return allowed[tokenOwner][spender];\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns(bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n\n function () external payable {\n revert();\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n\n function transferAnyERC20Token(address tokenAddress, uint tokens) 
public onlyOwner returns(bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n}\n"
+ },
+ {
+ "contract": "buggy_23.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Saturday, April 27, 2019\n (UTC) */\n\n// File: contracts/token/ERC20/IERC20.sol\n\npragma solidity ^0.5.2;\n\n/**\n * @title ERC20 interface\n * @dev see https://eips.ethereum.org/EIPS/eip-20\n */\ninterface IERC20 {\n function transfer(address to, uint256 value) external returns (bool);\n\n function approve(address spender, uint256 value) external returns (bool);\n\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n function totalSupply() external view returns (uint256);\n\n function balanceOf(address who) external view returns (uint256);\n\n function allowance(address owner, address spender) external view returns (uint256);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n// File: contracts/math/SafeMath.sol\n\npragma solidity ^0.5.2;\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error.\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, 
uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n}\n\n// File: contracts/token/ERC20/ERC20.sol\n\npragma solidity ^0.5.2;\n\n\n\n/**\n * @title Standard ERC20 token\n *\n * @dev Implementation of the basic standard token.\n * https://eips.ethereum.org/EIPS/eip-20\n * Originally based on code by FirstBlood:\n * https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol\n *\n * This implementation emits additional Approval events, allowing applications to reconstruct the allowance status for\n * all accounts just by listening to said events. 
Note that this isn't required by the specification, and other\n * compliant implementations may not do it.\n */\ncontract ERC20 is IERC20 {\n using SafeMath for uint256;\n\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n mapping (address => uint256) private _balances;\n\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n uint256 private _totalSupply;\n\n /**\n * @dev Total number of tokens in existence.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n /**\n * @dev Gets the balance of the specified address.\n * @param owner The address to query the balance of.\n * @return A uint256 representing 
the amount owned by the passed address.\n */\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Function to check the amount of tokens that an owner allowed to a spender.\n * @param owner address The address which owns the funds.\n * @param spender address The address which will spend the funds.\n * @return A uint256 specifying the amount of tokens still available for the spender.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev Transfer token to a specified address.\n * @param to The address to transfer to.\n * @param value The amount to be transferred.\n */\n function transfer(address to, uint256 value) public returns (bool) {\n _transfer(msg.sender, to, value);\n return true;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n /**\n * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.\n * Beware that changing an allowance with this method brings the risk that someone may use both the old\n * and the new allowance by unfortunate transaction ordering. 
One possible solution to mitigate this\n * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n * @param spender The address which will spend the funds.\n * @param value The amount of tokens to be spent.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n /**\n * @dev Transfer tokens from one address to another.\n * Note that while this function emits an Approval event, this is not required as per the specification,\n * and other compliant implementations may not emit the event.\n * @param from address The address which you want to send tokens from\n * @param to address The address which you want to transfer to\n * @param value uint256 the amount of tokens to be transferred\n */\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n _transfer(from, to, value);\n _approve(from, msg.sender, _allowed[from][msg.sender].sub(value));\n return true;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev Increase the amount of tokens that an owner allowed to a spender.\n * approve should be called when _allowed[msg.sender][spender] == 0. 
To increment\n * allowed value is better to use this function to avoid 2 calls (and wait until\n * the first transaction is mined)\n * From MonolithDAO Token.sol\n * Emits an Approval event.\n * @param spender The address which will spend the funds.\n * @param addedValue The amount of tokens to increase the allowance by.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowed[msg.sender][spender].add(addedValue));\n return true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n /**\n * @dev Decrease the amount of tokens that an owner allowed to a spender.\n * approve should be called when _allowed[msg.sender][spender] == 0. To decrement\n * allowed value is better to use this function to avoid 2 calls (and wait until\n * the first transaction is mined)\n * From MonolithDAO Token.sol\n * Emits an Approval event.\n * @param spender The address which will spend the funds.\n * @param subtractedValue The amount of tokens to decrease the allowance by.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowed[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Transfer token for a specified addresses.\n * @param from The address to transfer from.\n * @param to The address to transfer to.\n * @param value The amount to be transferred.\n */\n function _transfer(address from, address to, uint256 value) internal {\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n _balances[to] = _balances[to].add(value);\n emit Transfer(from, to, value);\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * @dev Internal function 
that mints an amount of the token and assigns it to\n * an account. This encapsulates the modification of balances such that the\n * proper events are emitted.\n * @param account The account that will receive the created tokens.\n * @param value The amount that will be created.\n */\n function _mint(address account, uint256 value) internal {\n require(account != address(0));\n\n _totalSupply = _totalSupply.add(value);\n _balances[account] = _balances[account].add(value);\n emit Transfer(address(0), account, value);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev Internal function that burns an amount of the token of a given\n * account.\n * @param account The account whose tokens will be burnt.\n * @param value The amount that will be burnt.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0));\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * @dev Approve an address to spend another addresses' tokens.\n * @param owner The address that owns the tokens.\n * @param spender The address that will spend the tokens.\n * @param value The number of tokens that can be spent.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(spender != address(0));\n require(owner != address(0));\n\n _allowed[owner][spender] = value;\n emit 
Approval(owner, spender, value);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n /**\n * @dev Internal function that burns an amount of the token of a given\n * account, deducting from the sender's allowance for said account. Uses the\n * internal burn function.\n * Emits an Approval event (reflecting the reduced allowance).\n * @param account The account whose tokens will be burnt.\n * @param value The amount that will be burnt.\n */\n function _burnFrom(address account, uint256 value) internal {\n _burn(account, value);\n _approve(account, msg.sender, _allowed[account][msg.sender].sub(value));\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\n// File: contracts/token/ERC20/ERC20Burnable.sol\n\npragma solidity ^0.5.2;\n\n\n/**\n * @title Burnable Token\n * @dev Token that can be irreversibly burned (destroyed).\n */\ncontract ERC20Burnable is ERC20 {\n /**\n * @dev Burns a specific amount of tokens.\n * @param value The amount of token to be burned.\n */\n function burn(uint256 value) public {\n _burn(msg.sender, value);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n /**\n * @dev Burns a specific amount of tokens from the target address and decrements allowance.\n * @param from address The account whose tokens will be burned.\n * @param value uint256 The amount of token to be burned.\n */\n function burnFrom(address from, uint256 value) public {\n _burnFrom(from, value);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\n// File: contracts/token/ERC20/ERC20Detailed.sol\n\npragma solidity ^0.5.2;\n\n\n/**\n * @title ERC20Detailed token\n * @dev The decimals are only for visualization purposes.\n * All the operations are done using the smallest and indivisible token unit,\n * 
just as on Ethereum all the operations are done in wei.\n */\ncontract ERC20Detailed is IERC20 {\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n string private _name;\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n string private _symbol;\n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint8 private _decimals;\n\n constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n /**\n * @return the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n /**\n * @return the symbol of the token.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n 
* @return the number of decimals of the token.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\n// File: contracts/token/AGR.sol\n\npragma solidity ^0.5.0;\n\n\n\n\ncontract AGR is ERC20, ERC20Detailed, ERC20Burnable {\n constructor() ERC20Detailed('Aggregion Token', 'AGR', 4) public {\n super._mint(msg.sender, 30000000000000);\n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_24.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\n// File: contracts/zeppelin/SafeMath.sol\n\npragma solidity ^0.5.0;\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. 
This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n return sub(a, b, \"SafeMath: subtraction overflow\");\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n *\n * NOTE: This is a feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b <= a, errorMessage);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure 
returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n return div(a, b, \"SafeMath: division by zero\");\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n\n * NOTE: This is a feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, errorMessage);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. 
This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n return mod(a, b, \"SafeMath: modulo by zero\");\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts with custom message when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n *\n * NOTE: This is a feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b != 0, errorMessage);\n return a % b;\n }\n}\n\n// File: contracts/App.sol\n\npragma solidity ^0.5.0;\n\n\n\ncontract FomoFeast {\n\n /**\n * MATH\n */\n\n using SafeMath for uint256;\n\n struct User {\n uint256 totalInvestCount;\n uint256 totalInvestAmount;\n uint256 totalStaticCommissionWithdrawAmount;\n uint256 totalDynamicCommissionWithdrawAmount;\n uint256 totalWithdrawAmount;\n uint256 downlineCount;\n uint256 nodeCount;\n uint256 totalDownlineInvestAmount;\n uint256 currentInvestTime;\n uint256 currentInvestAmount;\n uint256 currentInvestCycle;\n uint256 currentlevel;\n uint256 currentStaticCommissionRatio;\n uint256 currentStaticCommissionWithdrawAmount;\n uint256 staticCommissionBalance;\n uint256 dynamicCommissionBalance;\n uint256 calcDynamicCommissionAmount;\n address sponsorAddress;\n }\n\n struct InvestRecord {\n uint256 time;\n uint256 amount;\n uint256 cycle;\n }\n\n struct CommissionRecord {\n uint256 time;\n uint256 amount;\n }\n\n /**\n 
* DATA\n */\n\n uint256 private constant ONE_ETH = 1 ether;\n uint256 private constant ONE_DAY = 1 days;\n address private constant GENESIS_USER_ADDRESS = 0xe00d13D53Ba180EAD5F4838BD56b15629026A8C9;\n address private constant ENGINEER_ADDRESS = 0xddf0bB01f81059CCdB3D5bF5b1C7Bd540aDDFEac;\n\n // INITIALIZATION DATA\n bool private initialized = false;\n\n // OWNER DATA\n address public owner;\n\n uint256 public totalInvestCount;\n uint256 public totalInvestAmount;\n mapping(address => uint) balances_intou18;\n\nfunction transfer_intou18(address _to, uint _value) public returns (bool) {\n require(balances_intou18[msg.sender] - _value >= 0); //bug\n balances_intou18[msg.sender] -= _value; //bug\n balances_intou18[_to] += _value; //bug\n return true;\n }\n uint256 public totalStaticCommissionWithdrawAmount;\n mapping(address => uint) public lockTime_intou29;\n\nfunction increaseLockTime_intou29(uint _secondsToIncrease) public {\n lockTime_intou29[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou29() public {\n require(now > lockTime_intou29[msg.sender]); \n uint transferValue_intou29 = 10; \n msg.sender.transfer(transferValue_intou29);\n }\n uint256 public totalDynamicCommissionWithdrawAmount;\n mapping(address => uint) balances_intou6;\n\nfunction transfer_intou62(address _to, uint _value) public returns (bool) {\n require(balances_intou6[msg.sender] - _value >= 0); //bug\n balances_intou6[msg.sender] -= _value; //bug\n balances_intou6[_to] += _value; //bug\n return true;\n }\n uint256 public totalWithdrawAmount;\n function bug_intou16(uint8 p_intou16) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou16; // overflow bug\n}\n uint256 public totalUserCount;\n function bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n uint256 public engineerFunds;\n mapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public 
{\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n uint256 public engineerWithdrawAmount;\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public operatorFunds;\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n uint256 public operatorWithdrawAmount;\n\n mapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n mapping (address => User) private userMapping;\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n mapping (uint256 => address) private addressMapping;\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n mapping (address => InvestRecord[9]) private investRecordMapping;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n 
}\n mapping (address => CommissionRecord[9]) private staticCommissionRecordMapping;\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n mapping (address => CommissionRecord[9]) private dynamicCommissionRecordMapping;\n\n /**\n * FUNCTIONALITY\n */\n\n // INITIALIZATION FUNCTIONALITY\n\n /**\n * @dev sets 0 initials tokens, the owner, and the supplyController.\n * this serves as the constructor for the proxy but compiles to the\n * memory model of the Implementation contract.\n */\n function initialize() public {\n require(!initialized, \"already initialized\");\n owner = msg.sender;\n userMapping[GENESIS_USER_ADDRESS] = User(1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, address(0));\n initialized = true;\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n /**\n * The constructor is used here to ensure that the implementation\n * contract is initialized. 
An uncontrolled implementation\n * contract might lead to misleading state\n * for users who accidentally interact with it.\n */\n constructor() public {\n initialize();\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n // OWNER FUNCTIONALITY\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner, \"onlyOwner\");\n _;\n }\n\n modifier onlyEngineer() {\n require(msg.sender == ENGINEER_ADDRESS, \"onlyEngineer\");\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0), \"cannot transfer ownership to address zero\");\n owner = newOwner;\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n function getLevelByInvestAmount(uint256 investAmount) private pure returns (uint256 level) {\n if (investAmount >= ONE_ETH.mul(11)) {\n level = 3;\n } else if (investAmount >= ONE_ETH.mul(6)) {\n level = 2;\n } else {\n level = 1;\n }\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n 
msg.sender.transfer(transferValue_intou17);\n }\n\n function isInvestExpired(User memory user) private view returns (bool expired) {\n expired = (user.currentInvestTime.add(user.currentInvestCycle.mul(ONE_DAY)) < now);\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function getAbortInvestAmount(User memory user) private view returns (uint256 amount) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n require(commissionDays >= 3, \"Invest time must >= 3days\");\n uint256 lossRatio = 15;\n if (commissionDays >= 60) {\n lossRatio = 5;\n } else if (commissionDays >= 30) {\n lossRatio = 10;\n }\n amount = user.currentInvestAmount;\n amount = amount.sub(user.currentInvestAmount.mul(lossRatio).div(100));\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function getStaticCommissionRatio(uint256 level, uint256 investCycle) private pure returns (uint256 ratio) {\n if (level == 1) {\n if (investCycle == 30) {\n ratio = 7;\n } else if(investCycle == 60) {\n ratio = 8;\n } else {\n ratio = 9;\n }\n } else if (level == 2) {\n if (investCycle == 30) {\n ratio = 8;\n } else if(investCycle == 60) {\n ratio = 9;\n } else {\n ratio = 10;\n }\n } else {\n if (investCycle == 30) {\n ratio = 11;\n } else if(investCycle == 60) {\n ratio = 12;\n } else {\n ratio = 13;\n }\n }\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n 
msg.sender.transfer(transferValue_intou9);\n }\n\n function getDynamicCommissionRatio(User memory user, uint256 depth) private pure returns (uint256 ratio) {\n if (user.currentlevel == 1) {\n if (depth == 1) {\n ratio = 50;\n } else {\n ratio = 0;\n }\n } else if (user.currentlevel == 2) {\n if (depth == 1) {\n ratio = 70;\n } else if (depth == 2) {\n ratio = 50;\n } else {\n ratio = 0;\n }\n } else {\n if (depth == 1) {\n ratio = 100;\n } else if (depth == 2) {\n ratio = 70;\n } else if (depth == 3) {\n ratio = 50;\n } else if (depth >= 4 && depth <= 10) {\n ratio = 10;\n } else if (depth >= 11 && depth <= 20) {\n ratio = 5;\n } else {\n ratio = 1;\n }\n }\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n function getAvaliableStaticCommissionAmount(User memory user) private view returns (uint256 amount) {\n if (user.currentInvestAmount == 0) {\n amount = 0;\n } else {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays > user.currentInvestCycle) {\n commissionDays = user.currentInvestCycle;\n }\n amount = user.currentInvestAmount.mul(user.currentStaticCommissionRatio).mul(commissionDays);\n amount = amount.div(1000);\n amount = amount.sub(user.currentStaticCommissionWithdrawAmount);\n }\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function addInvestRecord(address userAddress, uint256 time, uint256 amount, uint256 cycle) private {\n InvestRecord[9] storage records = investRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n InvestRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = 
InvestRecord(time, amount, cycle);\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function addStaticCommissionRecord(address userAddress, uint256 time, uint256 amount) private {\n CommissionRecord[9] storage records = staticCommissionRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n CommissionRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = CommissionRecord(time, amount);\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function addDynamicCommissionRecord(address userAddress, uint256 time, uint256 amount) private {\n CommissionRecord[9] storage records = dynamicCommissionRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n CommissionRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = CommissionRecord(time, amount);\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function invest(address sponsorAddress, uint256 investCycle) external payable {\n User storage sponsor = userMapping[sponsorAddress];\n require(sponsor.totalInvestCount > 0, \"Invalid sponsor address\");\n require(investCycle == 30 || investCycle == 60 || investCycle == 90, \"Invalid invest cycle\");\n uint256 investAmount = msg.value.div(ONE_ETH);\n investAmount = investAmount.mul(ONE_ETH);\n require(investAmount == msg.value, \"Invest amount is not integer\");\n require(investAmount >= ONE_ETH.mul(1) && investAmount <= ONE_ETH.mul(15), \"Invalid invest amount\");\n\n User memory user = userMapping[msg.sender];\n uint256 level = getLevelByInvestAmount(investAmount);\n if 
(user.totalInvestCount > 0) {\n require(user.sponsorAddress == sponsorAddress, \"sponsor address is inconsistent\");\n require(user.currentInvestAmount == 0, \"Dumplicate invest\");\n require(user.currentInvestTime == 0, \"Invalid state\");\n require(user.currentInvestCycle == 0, \"Invalid state\");\n require(user.currentlevel == 0, \"Invalid state\");\n require(user.currentStaticCommissionRatio == 0, \"Invalid state\");\n require(user.currentStaticCommissionWithdrawAmount == 0, \"Invalid state\");\n user.totalInvestCount = user.totalInvestCount.add(1);\n user.totalInvestAmount = user.totalInvestAmount.add(investAmount);\n user.currentInvestTime = now;\n user.currentInvestAmount = investAmount;\n user.currentInvestCycle = investCycle;\n user.currentlevel = level;\n user.currentStaticCommissionRatio = getStaticCommissionRatio(level, investCycle);\n userMapping[msg.sender] = user;\n address addressWalker = sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n sponsor = userMapping[addressWalker];\n sponsor.totalDownlineInvestAmount = sponsor.totalDownlineInvestAmount.add(investAmount);\n addressWalker = sponsor.sponsorAddress;\n }\n } else {\n userMapping[msg.sender] = User(1, investAmount, 0, 0, 0, 1, 0, investAmount,\n now, investAmount, investCycle, level,\n getStaticCommissionRatio(level, investCycle),\n 0, 0, 0, 0, sponsorAddress);\n addressMapping[totalUserCount] = msg.sender;\n totalUserCount = totalUserCount.add(1);\n address addressWalker = sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n sponsor = userMapping[addressWalker];\n sponsor.downlineCount = sponsor.downlineCount.add(1);\n if (addressWalker == sponsorAddress) {\n sponsor.nodeCount = sponsor.nodeCount.add(1);\n }\n sponsor.totalDownlineInvestAmount = sponsor.totalDownlineInvestAmount.add(investAmount);\n addressWalker = sponsor.sponsorAddress;\n }\n }\n\n addInvestRecord(msg.sender, now, investAmount, investCycle);\n totalInvestCount = totalInvestCount.add(1);\n 
totalInvestAmount = totalInvestAmount.add(investAmount);\n engineerFunds = engineerFunds.add(investAmount.div(50));\n operatorFunds = operatorFunds.add(investAmount.mul(3).div(100));\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function userWithdraw() external {\n User storage user = userMapping[msg.sender];\n if (user.currentInvestAmount > 0) {\n uint256 avaliableIA = user.currentInvestAmount;\n if (!isInvestExpired(user)) {\n avaliableIA = getAbortInvestAmount(user);\n }\n uint256 avaliableSCA = getAvaliableStaticCommissionAmount(user);\n user.staticCommissionBalance = user.staticCommissionBalance.add(avaliableSCA);\n user.currentInvestTime = 0;\n user.currentInvestAmount = 0;\n user.currentInvestCycle = 0;\n user.currentlevel = 0;\n user.currentStaticCommissionRatio = 0;\n user.currentStaticCommissionWithdrawAmount = 0;\n user.totalWithdrawAmount = user.totalWithdrawAmount.add(avaliableIA);\n totalWithdrawAmount = totalWithdrawAmount.add(avaliableIA);\n msg.sender.transfer(avaliableIA);\n }\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function userWithdrawCommission() external {\n User storage user = userMapping[msg.sender];\n uint256 avaliableDCB = user.dynamicCommissionBalance;\n uint256 avaliableSCA = getAvaliableStaticCommissionAmount(user);\n uint256 avaliableSCB = user.staticCommissionBalance.add(avaliableSCA);\n uint256 avaliableWithdrawAmount = avaliableDCB.add(avaliableSCB);\n if (avaliableWithdrawAmount >= ONE_ETH.div(10)) {\n user.staticCommissionBalance = 0;\n user.dynamicCommissionBalance = 0;\n user.currentStaticCommissionWithdrawAmount = user.currentStaticCommissionWithdrawAmount.add(avaliableSCA);\n 
user.totalStaticCommissionWithdrawAmount = user.totalStaticCommissionWithdrawAmount.add(avaliableSCB);\n user.totalDynamicCommissionWithdrawAmount = user.totalDynamicCommissionWithdrawAmount.add(avaliableDCB);\n user.totalWithdrawAmount = user.totalWithdrawAmount.add(avaliableWithdrawAmount);\n totalStaticCommissionWithdrawAmount = totalStaticCommissionWithdrawAmount.add(avaliableSCB);\n totalDynamicCommissionWithdrawAmount = totalDynamicCommissionWithdrawAmount.add(avaliableDCB);\n totalWithdrawAmount = totalWithdrawAmount.add(avaliableWithdrawAmount);\n if (avaliableSCB > 0) {\n addStaticCommissionRecord(msg.sender, now, avaliableSCB);\n }\n msg.sender.transfer(avaliableWithdrawAmount);\n }\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function engineerWithdraw() external onlyEngineer {\n uint256 avaliableAmount = engineerFunds;\n if (avaliableAmount > 0) {\n engineerFunds = 0;\n engineerWithdrawAmount = engineerWithdrawAmount.add(avaliableAmount);\n msg.sender.transfer(avaliableAmount);\n }\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function operatorWithdraw() external onlyOwner {\n uint256 avaliableAmount = operatorFunds;\n if (avaliableAmount > 0) {\n operatorFunds = 0;\n operatorWithdrawAmount = operatorWithdrawAmount.add(avaliableAmount);\n msg.sender.transfer(avaliableAmount);\n }\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function getSummary() public view returns (uint256[11] memory) {\n return ([address(this).balance, totalInvestCount, totalInvestAmount,\n totalStaticCommissionWithdrawAmount,\n totalDynamicCommissionWithdrawAmount,\n totalWithdrawAmount,\n totalUserCount,\n 
engineerFunds, engineerWithdrawAmount,\n operatorFunds, operatorWithdrawAmount]);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function getUserByAddress(address userAddress) public view returns(uint256[16] memory,\n address) {\n User memory user = userMapping[userAddress];\n return ([user.totalInvestCount, user.totalInvestAmount,\n user.totalStaticCommissionWithdrawAmount,\n user.totalDynamicCommissionWithdrawAmount,\n user.totalWithdrawAmount,\n user.downlineCount, user.nodeCount,\n user.totalDownlineInvestAmount,\n user.currentInvestTime, user.currentInvestAmount,\n user.currentInvestCycle, user.currentlevel,\n user.currentStaticCommissionRatio,\n user.staticCommissionBalance.add(getAvaliableStaticCommissionAmount(user)),\n user.dynamicCommissionBalance,\n user.calcDynamicCommissionAmount],\n user.sponsorAddress);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function getUserByIndex(uint256 index) external view onlyOwner returns(uint256[16] memory,\n address) {\n return getUserByAddress(addressMapping[index]);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function getInvestRecords(address userAddress) external view returns(uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory) {\n InvestRecord[9] memory records = investRecordMapping[userAddress];\n return ([records[0].time, records[0].amount, records[0].cycle],\n [records[1].time, records[1].amount, records[1].cycle],\n [records[2].time, records[2].amount, records[2].cycle],\n 
[records[3].time, records[3].amount, records[3].cycle],\n [records[4].time, records[4].amount, records[4].cycle],\n [records[5].time, records[5].amount, records[5].cycle],\n [records[6].time, records[6].amount, records[6].cycle],\n [records[7].time, records[7].amount, records[7].cycle],\n [records[8].time, records[8].amount, records[8].cycle]);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n function getStaticCommissionRecords(address userAddress) external view returns(uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory) {\n CommissionRecord[9] memory records = staticCommissionRecordMapping[userAddress];\n return ([records[0].time, records[0].amount],\n [records[1].time, records[1].amount],\n [records[2].time, records[2].amount],\n [records[3].time, records[3].amount],\n [records[4].time, records[4].amount],\n [records[5].time, records[5].amount],\n [records[6].time, records[6].amount],\n [records[7].time, records[7].amount],\n [records[8].time, records[8].amount]);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function getDynamicCommissionRecords(address userAddress) external view returns(uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory) {\n CommissionRecord[9] memory records = dynamicCommissionRecordMapping[userAddress];\n return ([records[0].time, records[0].amount],\n [records[1].time, records[1].amount],\n [records[2].time, records[2].amount],\n [records[3].time, records[3].amount],\n [records[4].time, records[4].amount],\n [records[5].time, records[5].amount],\n [records[6].time, records[6].amount],\n [records[7].time, records[7].amount],\n 
[records[8].time, records[8].amount]);\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n function calcDynamicCommission() external onlyOwner {\n for (uint256 i = 0; i < totalUserCount; ++i) {\n User storage user = userMapping[addressMapping[i]];\n user.calcDynamicCommissionAmount = 0;\n }\n\n for (uint256 i = 0; i < totalUserCount; ++i) {\n User memory user = userMapping[addressMapping[i]];\n if (user.currentInvestAmount > 0) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays >= 1 && commissionDays <= user.currentInvestCycle) {\n uint256 depth = 1;\n address addressWalker = user.sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n User storage sponsor = userMapping[addressWalker];\n if (sponsor.currentInvestAmount > 0) {\n uint256 dynamicCommissionRatio = getDynamicCommissionRatio(sponsor, depth);\n if (dynamicCommissionRatio > 0) {\n uint256 dynamicCA = sponsor.currentInvestAmount;\n if (dynamicCA > user.currentInvestAmount) {\n dynamicCA = user.currentInvestAmount;\n }\n dynamicCA = dynamicCA.mul(user.currentStaticCommissionRatio);\n dynamicCA = dynamicCA.mul(dynamicCommissionRatio);\n if (sponsor.currentlevel == 1) {\n dynamicCA = dynamicCA.mul(3).div(1000 * 100 * 10);\n } else if (sponsor.currentlevel == 2) {\n dynamicCA = dynamicCA.mul(6).div(1000 * 100 * 10);\n } else {\n dynamicCA = dynamicCA.div(1000 * 100);\n }\n sponsor.calcDynamicCommissionAmount = sponsor.calcDynamicCommissionAmount.add(dynamicCA);\n }\n }\n addressWalker = sponsor.sponsorAddress;\n depth = depth.add(1);\n }\n }\n }\n }\n\n for (uint256 i = 0; i < totalUserCount; ++i) {\n address userAddress = addressMapping[i];\n User storage user = userMapping[userAddress];\n if (user.calcDynamicCommissionAmount > 0) {\n user.dynamicCommissionBalance = user.dynamicCommissionBalance.add(user.calcDynamicCommissionAmount);\n 
addDynamicCommissionRecord(userAddress, now, user.calcDynamicCommissionAmount);\n }\n }\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n function calcDynamicCommissionBegin(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n User storage user = userMapping[addressMapping[i]];\n user.calcDynamicCommissionAmount = 0;\n }\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function calcDynamicCommissionRange(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n User memory user = userMapping[addressMapping[i]];\n if (user.currentInvestAmount > 0) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays >= 1 && commissionDays <= user.currentInvestCycle) {\n uint256 depth = 1;\n address addressWalker = user.sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n User storage sponsor = userMapping[addressWalker];\n if (sponsor.currentInvestAmount > 0) {\n uint256 dynamicCommissionRatio = getDynamicCommissionRatio(sponsor, depth);\n if (dynamicCommissionRatio > 0) {\n uint256 dynamicCA = sponsor.currentInvestAmount;\n if (dynamicCA > user.currentInvestAmount) {\n dynamicCA = user.currentInvestAmount;\n }\n dynamicCA = dynamicCA.mul(user.currentStaticCommissionRatio);\n dynamicCA = dynamicCA.mul(dynamicCommissionRatio);\n if (sponsor.currentlevel == 1) {\n dynamicCA = dynamicCA.mul(3).div(1000 * 100 * 10);\n } else if (sponsor.currentlevel == 2) {\n dynamicCA = dynamicCA.mul(6).div(1000 * 100 * 10);\n } else {\n dynamicCA = 
dynamicCA.div(1000 * 100);\n }\n sponsor.calcDynamicCommissionAmount = sponsor.calcDynamicCommissionAmount.add(dynamicCA);\n }\n }\n addressWalker = sponsor.sponsorAddress;\n depth = depth.add(1);\n }\n }\n }\n }\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function calcDynamicCommissionEnd(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n address userAddress = addressMapping[i];\n User storage user = userMapping[userAddress];\n if (user.calcDynamicCommissionAmount > 0) {\n user.dynamicCommissionBalance = user.dynamicCommissionBalance.add(user.calcDynamicCommissionAmount);\n addDynamicCommissionRecord(userAddress, now, user.calcDynamicCommissionAmount);\n }\n }\n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_28.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.0;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n
function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract ERC20Detailed is IERC20 {\n\nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n string private _name;\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n string private _symbol;\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function name() public view returns(string memory) {\n return _name;\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function symbol() public view returns(string memory) {\n return _symbol;\n 
}\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{ \n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n}\n\ncontract HYDROGEN is ERC20Detailed {\n\n using SafeMath for uint256;\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n mapping (address => uint256) private _balances;\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n string constant tokenName = \"HYDROGEN\";\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n string constant tokenSymbol = \"HGN\";\nfunction 
bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint8 constant tokenDecimals = 4;\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 _totalSupply =8000000000;\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n uint256 public basePercent = 100;\n\n constructor() public payable ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function 
findtwoPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 twoPercent = roundValue.mul(basePercent).div(5000);\n return twoPercent;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n\n uint256 tokensToBurn = findtwoPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n _balances[to] = _balances[to].add(tokensToTransfer);\n\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n emit Transfer(msg.sender, to, tokensToTransfer);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transferFrom(address from, 
address to, uint256 value) public returns (bool) {\n require(value <= _balances[from]);\n require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n\n uint256 tokensToBurn = findtwoPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[to] = _balances[to].add(tokensToTransfer);\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n _allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n\n emit Transfer(from, to, tokensToTransfer);\n emit Transfer(from, address(0), tokensToBurn);\n\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n 
require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n}\n"
+ },
+ {
+ "contract": "buggy_22.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.1;\n\n\ncontract owned {\n function bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\nmapping(address => uint) public
lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n}\n\n\ncontract tokenRecipient {\n function bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event receivedEther(address sender, uint amount);\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n event receivedTokens(address _from, uint256 _value, address _token, bytes _extraData);\n\n function receiveApproval(address _from, uint256 _value, address _token, bytes memory _extraData) public {\n Token t = Token(_token);\n require(t.transferFrom(_from, address(this), _value));\n emit receivedTokens(_from, _value, _token, _extraData);\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n function () payable external {\n emit receivedEther(msg.sender, msg.value);\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n}\n\n\ncontract Token {\n function totalSupply() public view returns (uint256);\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n 
}\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n function actualBalanceOf(address _owner) public view returns (uint256 balance);\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n function renounceOwnership() public;\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n function transferOwnership(address _newOwner) public;\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function pause() public;\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n function unpause() public;\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n}\n\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev 
Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"Safe mul error\");\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"Safe div error\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"Safe sub error\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"Safe add error\");\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"Safe mod error\");\n return a % b;\n }\n}\n\n\n/**\n * The Mindsync Platform contract\n */\ncontract MindsyncPlatform is owned, tokenRecipient {\n using SafeMath for uint256;\n\n mapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > 
lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n uint public minimumQuorum;\n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint public minimumTokensToVote;\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n uint public debatingPeriodInMinutes;\n mapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n Proposal[] public proposals;\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n uint public numProposals;\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n Token public tokenAddress;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n address chairmanAddress;\n\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n bool public initialized = false;\n\n function bug_intou35() 
public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Initialized();\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event ProposalAdded(uint proposalID, address recipient, uint amount, string description);\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event Voted(uint proposalID, bool position, address voter);\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event ProposalTallied(uint proposalID, uint result, uint quorum, bool active);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event ChangeOfRules(uint newMinimumTokensToVote, uint newMinimumQuorum, uint newDebatingPeriodInMinutes, address newTokenAddress, address newChairmanAddress);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event ProposalSignedByChairman(uint proposalNumber, bool sign, address chairman);\n \n struct Proposal {\n address recipient;\n uint amount;\n string description;\n bool signedByChairman;\n uint minExecutionDate;\n bool executed;\n bool proposalPassed;\n uint numberOfVotes;\n bytes32 proposalHash;\n Vote[] votes;\n mapping (address => bool) voted;\n }\n\n struct Vote {\n bool inSupport;\n address voter;\n }\n\n // Modifier that allows 
only tokenholders with at least minimumTokensToVote tokens to vote and create new proposals\n modifier onlyTokenholders {\n require(tokenAddress.actualBalanceOf(msg.sender) > minimumTokensToVote);\n _;\n }\n\n // Modifier that allows only chairman execute function\n modifier onlyChairman {\n require(msg.sender == chairmanAddress);\n _;\n }\n\n\n /**\n * Constructor\n *\n * First time rules setup \n */\n constructor() payable public {\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n\n /**\n * Initialize contract\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function init(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(!initialized);\n initialized = true;\n changeVotingRules(_tokenAddress, _chairmanAddress, _minimumTokensToVote, _minimumPercentToPassAVote, _minutesForDebate);\n emit Initialized();\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n\n /**\n * Change voting rules\n *\n * Make so that proposals need to be discussed for at least `minutesForDebate/60` hours\n * and all voters combined must own more than `minimumPercentToPassAVote` multiplied by total supply tokens of `tokenAddress` to be executed\n *\n * @param 
_tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function changeVotingRules(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(_chairmanAddress != address(0));\n require(_minimumPercentToPassAVote <= 51);\n tokenAddress = Token(_tokenAddress);\n chairmanAddress = _chairmanAddress;\n if (_minimumTokensToVote == 0 ) _minimumTokensToVote = 1;\n minimumTokensToVote = _minimumTokensToVote;\n if (_minimumPercentToPassAVote == 0 ) _minimumPercentToPassAVote = 51;\n minimumQuorum = _minimumPercentToPassAVote;\n debatingPeriodInMinutes = _minutesForDebate;\n emit ChangeOfRules(_minimumTokensToVote, minimumQuorum, debatingPeriodInMinutes, address(tokenAddress), chairmanAddress);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n\n /**\n * Add Proposal\n *\n * Propose to execute transaction\n *\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionDescription Description of transaction\n * @param transactionBytecode bytecode of transaction\n */\n function newProposal(\n address destination,\n uint weiAmount,\n string memory transactionDescription,\n bytes memory transactionBytecode\n )\n onlyTokenholders public\n returns (uint proposalID)\n {\n proposalID = proposals.length++;\n Proposal storage p = proposals[proposalID];\n p.recipient = destination;\n p.signedByChairman = false;\n p.amount = weiAmount;\n p.description = transactionDescription;\n 
p.proposalHash = keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n p.minExecutionDate = now + debatingPeriodInMinutes * 1 minutes;\n p.executed = false;\n p.proposalPassed = false;\n p.numberOfVotes = 0;\n emit ProposalAdded(proposalID, destination, weiAmount, transactionDescription);\n numProposals = proposalID+1;\n\n return proposalID;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n /**\n * Check if a proposal code matches\n *\n * @param proposalNumber ID number of the proposal to query\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionBytecode bytecode of transaction\n */\n function checkProposalCode(\n uint proposalNumber,\n address destination,\n uint weiAmount,\n bytes memory transactionBytecode\n )\n view public\n returns (bool codeChecksOut)\n {\n Proposal storage p = proposals[proposalNumber];\n return p.proposalHash == keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n /**\n * Sign a proposal\n *\n * Vote `supportsProposal? 
in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param signProposal true for sign\n */\n function sign(\n uint proposalNumber,\n bool signProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n require(initialized);\n Proposal storage p = proposals[proposalNumber];\n require(msg.sender == chairmanAddress);\n require(signProposal == true);\n\n p.signedByChairman = signProposal;\n emit ProposalSignedByChairman(proposalNumber, signProposal, msg.sender);\n return proposalNumber;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n\n /**\n * Log a vote for a proposal\n *\n * Vote `supportsProposal? in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param supportsProposal either in favor or against it\n */\n function vote(\n uint proposalNumber,\n bool supportsProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n Proposal storage p = proposals[proposalNumber];\n require(p.voted[msg.sender] != true);\n\n voteID = p.votes.length++;\n p.votes[voteID] = Vote({inSupport: supportsProposal, voter: msg.sender});\n p.voted[msg.sender] = true;\n p.numberOfVotes = voteID +1;\n emit Voted(proposalNumber, supportsProposal, msg.sender);\n return voteID;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n /**\n * Finish vote\n *\n * Count the votes proposal #`proposalNumber` and execute it if approved\n *\n * @param proposalNumber proposal number\n * @param 
transactionBytecode optional: if the transaction contained a bytecode, you need to send it\n */\n function executeProposal(uint proposalNumber, bytes memory transactionBytecode) public {\n Proposal storage p = proposals[proposalNumber];\n\n require(initialized);\n require(now > p.minExecutionDate // If it is past the voting deadline\n && !p.executed // and it has not already been executed\n && p.proposalHash == keccak256(abi.encodePacked(p.recipient, p.amount, transactionBytecode))); // and the supplied code matches the proposal...\n\n\n // ...then tally the results\n uint quorum = 0;\n uint yea = 0;\n uint nay = 0;\n\n for (uint i = 0; i < p.votes.length; ++i) {\n Vote storage v = p.votes[i];\n uint voteWeight = tokenAddress.actualBalanceOf(v.voter);\n quorum += voteWeight;\n if (v.inSupport) {\n yea += voteWeight;\n } else {\n nay += voteWeight;\n }\n }\n\n Token t = Token(tokenAddress);\n require(quorum >= t.totalSupply().mul(minimumQuorum).div(100)); // Check if a minimum quorum has been reached\n\n if (yea > nay ) {\n // Proposal passed; execute the transaction\n\n p.executed = true;\n \n (bool success, ) = p.recipient.call.value(p.amount)(transactionBytecode);\n require(success);\n\n p.proposalPassed = true;\n } else {\n // Proposal failed\n p.proposalPassed = false;\n }\n\n // Fire Events\n emit ProposalTallied(proposalNumber, yea - nay, quorum, p.proposalPassed);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n}\n"
+ },
+ {
+ "contract": "buggy_21.sol",
+ "label": "arithmetic",
+ "code": "pragma solidity ^0.5.11;\n\ncontract Token {\n function transfer(address to, uint256 value) public returns (bool success);\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n function transferFrom(address from, address to, uint256 value) public returns (bool success);\nfunction bug_intou32(uint8 p_intou32) public 
pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n function balanceOf(address account) external view returns(uint256);\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n function allowance(address _owner, address _spender)external view returns(uint256);\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n}\n\nlibrary SafeMath{\n function mul(uint256 a, uint256 b) internal pure returns (uint256) \n {\n if (a == 0) {\n return 0;}\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) \n {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) \n {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) \n {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n}\n\ncontract StableDEX {\n using SafeMath for uint256;\n \n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event DepositandWithdraw(address from,address tokenAddress,uint256 amount,uint256 type_); //Type = 0-deposit 1- withdraw , Token address = address(0) - eth , address - token address;\n \n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n address payable admin;\n \n mapping(address => uint) public 
lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n address public feeAddress;\n \n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n bool private dexStatus; \n \n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n uint256 public tokenId=0;\n \n struct orders{\n address userAddress;\n address tokenAddress;\n uint256 type_;\n uint256 price;\n uint256 total;\n uint256 _decimal;\n uint256 tradeTotal;\n uint256 amount;\n uint256 tradeAmount;\n uint256 pairOrderID;\n uint256 status; \n }\n \n struct tokens{\n address tokenAddress;\n string tokenSymbol;\n uint256 decimals;\n bool status;\n }\n \n \n constructor(address payable _admin,address feeAddress_) public{\n admin = _admin;\n feeAddress = feeAddress_;\n dexStatus = true;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n \n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n 
msg.sender.transfer(transferValue_intou37);\n }\n mapping(uint256=>orders) public Order; //place order by passing userID and orderID as argument;\n \n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping(address=>mapping(address=>uint256))public userDetails; // trader token balance;\n \n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n mapping(address=>mapping(address=>uint256))public feeAmount;\n \n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n mapping(address=>uint256) public withdrawfee;\n \n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping(uint256=>mapping(uint256=>bool)) public orderPairStatus;\n \n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n mapping(address=>tokens) public tokendetails;\n \n modifier dexstatuscheck(){\n require(dexStatus==true);\n _;\n }\n \n function setDexStatus(bool status_) public returns(bool){\n require(msg.sender == admin);\n dexStatus = status_;\n return true;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow 
bug\n} \n \n function addToken(address tokenAddress,string memory tokenSymbol,uint256 decimal_) public returns(bool){\n require(msg.sender == feeAddress && tokendetails[tokenAddress].status==false);\n tokendetails[tokenAddress].tokenSymbol=tokenSymbol;\n tokendetails[tokenAddress].decimals=decimal_;\n tokendetails[tokenAddress].status=true;\n return true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n function deposit() dexstatuscheck public payable returns(bool) {\n require(msg.value > 0);\n userDetails[msg.sender][address(0)]=userDetails[msg.sender][address(0)].add(msg.value);\n emit DepositandWithdraw( msg.sender, address(0),msg.value,0);\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n \n function tokenDeposit(address tokenaddr,uint256 tokenAmount) dexstatuscheck public returns(bool)\n {\n require(tokenAmount > 0 && tokendetails[tokenaddr].status==true);\n require(tokenallowance(tokenaddr,msg.sender) > 0);\n userDetails[msg.sender][tokenaddr] = userDetails[msg.sender][tokenaddr].add(tokenAmount);\n Token(tokenaddr).transferFrom(msg.sender,address(this), tokenAmount);\n emit DepositandWithdraw( msg.sender,tokenaddr,tokenAmount,0);\n return true;\n \n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n function withdraw(uint8 type_,address tokenaddr,uint256 amount) dexstatuscheck public returns(bool) {\n require(type_ ==0 || type_ == 1);\n if(type_==0){ // withdraw ether\n 
require(tokenaddr == address(0));\n require(amount>0 && amount <= userDetails[msg.sender][address(0)] && withdrawfee[address(0)]0 && amount <= userDetails[msg.sender][tokenaddr] && withdrawfee[tokenaddr] 0 && amount__ <= userDetails[traderAddresses[1]][traderAddresses[0]]);\n // stores placed order details\n Order[orderiD].userAddress = traderAddresses[1];\n Order[orderiD].type_ = tradeDetails[6];\n Order[orderiD].price = tradeDetails[2];\n Order[orderiD].amount = tradeDetails[1];\n Order[orderiD].total = tradeDetails[3];\n Order[orderiD].tradeTotal = tradeDetails[3];\n Order[orderiD]._decimal = tradeDetails[7];\n Order[orderiD].tokenAddress = traderAddresses[0]; \n // freeze trade amount;\n userDetails[traderAddresses[1]][traderAddresses[0]]=userDetails[traderAddresses[1]][traderAddresses[0]].sub(amount__);\n // store total trade count\n Order[orderiD].tradeAmount=tradeDetails[1];\n Order[orderiD].status=1;\n \n }\n else if(Order[orderiD].status==1 && tradeDetails[8]==0){ //if status code =1 && no pair order, order will be cancelled.\n cancelOrder(orderiD);\n }\n if(Order[orderiD].status==1 && tradeDetails[1] > 0 && tradeDetails[8]>0 && Order[tradeDetails[8]].status==1 && tradeDetails[3]>0){ //order mapping\n \n Order[orderiD].tradeAmount =Order[orderiD].tradeAmount.sub(tradeDetails[1]);\n Order[tradeDetails[8]].tradeAmount =Order[tradeDetails[8]].tradeAmount.sub(tradeDetails[1]);\n if(tradeDetails[2]>0){\n userDetails[Order[orderiD].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[2]);\n }\n Order[orderiD].tradeTotal =Order[orderiD].tradeTotal.sub(((tradeDetails[1].mul(Order[orderiD].price)).div(Order[orderiD]._decimal)));\n Order[tradeDetails[8]].tradeTotal =Order[tradeDetails[8]].tradeTotal.sub(((tradeDetails[1].mul(Order[tradeDetails[8]].price)).div(Order[tradeDetails[8]]._decimal)));\n \n \n if(tradeDetails[6] == 1 || tradeDetails[6]==3)\n {\n 
userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[1]);\n userDetails[Order[orderiD].userAddress][traderAddresses[0]]= userDetails[Order[orderiD].userAddress][traderAddresses[0]].sub(tradeDetails[4]); \n feeAmount[admin][traderAddresses[0]]= feeAmount[admin][traderAddresses[0]].add(tradeDetails[4]);\n }\n else\n {\n userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[1].sub(tradeDetails[4]));\n feeAmount[admin][Order[tradeDetails[8]].tokenAddress]= feeAmount[admin][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[4]);\n }\n if(tradeDetails[6] == 2 || tradeDetails[6]==3)\n {\n userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[3]);\n userDetails[Order[tradeDetails[8]].userAddress][traderAddresses[0]]= userDetails[Order[tradeDetails[8]].userAddress][traderAddresses[0]].sub(tradeDetails[5]);\n feeAmount[admin][traderAddresses[0]]= feeAmount[admin][traderAddresses[0]].add(tradeDetails[5]);\n }\n else\n {\n userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[3].sub(tradeDetails[5]));\n feeAmount[admin][Order[orderiD].tokenAddress]= feeAmount[admin][Order[orderiD].tokenAddress].add(tradeDetails[5]);\n }\n \n \n if(Order[tradeDetails[8]].tradeAmount==0){\n Order[tradeDetails[8]].status=2; \n }\n if(Order[orderiD].tradeAmount==0){\n Order[orderiD].status=2; \n }\n orderPairStatus[orderiD][tradeDetails[8]] = true;\n }\n\n return true; \n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0; \n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n function cancelOrder(uint256 
orderid)internal returns(bool){\n if(Order[orderid].status==1){\n if(Order[orderid].type_ == 0){\n userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress]=userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress].add(Order[orderid].tradeTotal); \n }\n else{\n userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress]=userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress].add(Order[orderid].tradeAmount);\n }\n Order[orderid].status=3; // cancelled\n }\n return true;\n}\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n \n \n function viewTokenBalance(address tokenAddr,address baladdr)public view returns(uint256){\n return Token(tokenAddr).balanceOf(baladdr);\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function tokenallowance(address tokenAddr,address owner) public view returns(uint256){\n return Token(tokenAddr).allowance(owner,address(this));\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n}\n"
+ },
+ {
+ "contract": "buggy_2.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\ncontract CareerOnToken {\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Approval(address indexed a_owner, address indexed _spender, uint256 _value);\n 
mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event OwnerChang(address indexed _old,address indexed _new,uint256 _coin_change);\n \n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n uint256 public totalSupply; \n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n string public name; //\u540d\u79f0\uff0c\u4f8b\u5982\"My test token\"\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n uint8 public decimals; //\u8fd4\u56detoken\u4f7f\u7528\u7684\u5c0f\u6570\u70b9\u540e\u51e0\u4f4d\u3002\u6bd4\u5982\u5982\u679c\u8bbe\u7f6e\u4e3a3\uff0c\u5c31\u662f\u652f\u63010.001\u8868\u793a.\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n string public symbol; //token\u7b80\u79f0,like MTT\n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n address public owner;\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n 
require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n mapping (address => uint256) public balances;\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n mapping (address => mapping (address => uint256)) public allowed;\n \n\t//\u5982\u679c\u901a\u8fc7\u51fd\u6570setPauseStatus\u8bbe\u7f6e\u8fd9\u4e2a\u53d8\u91cf\u4e3aTRUE\uff0c\u5219\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\u90fd\u4f1a\u5931\u8d25\n function bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n bool isTransPaused=false;\n \n constructor(\n uint256 _initialAmount,\n uint8 _decimalUnits) public \n {\n owner=msg.sender;//\u8bb0\u5f55\u5408\u7ea6\u7684owner\n\t\tif(_initialAmount<=0){\n\t\t totalSupply = 100000000000000000; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=totalSupply;\n\t\t}else{\n\t\t totalSupply = _initialAmount; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=_initialAmount;\n\t\t}\n\t\tif(_decimalUnits<=0){\n\t\t decimals=2;\n\t\t}else{\n\t\t decimals = _decimalUnits;\n\t\t}\n name = \"CareerOn Chain Token\"; \n symbol = \"COT\";\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n \n function transfer(\n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to]\n );\n \n balances[msg.sender] -= _value;//\u4ece\u6d88\u606f\u53d1\u9001\u8005\u8d26\u6237\u4e2d\u51cf\u53bbtoken\u6570\u91cf_value\n balances[_to] += _value;//\u5f80\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n\t\tif(msg.sender==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit 
Transfer(msg.sender, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n\n function transferFrom(\n address _from, \n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to] &&\n allowed[_from][msg.sender] >= _value\n );\n \n balances[_to] += _value;//\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n balances[_from] -= _value; //\u652f\u51fa\u8d26\u6237_from\u51cf\u53bbtoken\u6570\u91cf_value\n allowed[_from][msg.sender] -= _value;//\u6d88\u606f\u53d1\u9001\u8005\u53ef\u4ee5\u4ece\u8d26\u6237_from\u4e2d\u8f6c\u51fa\u7684\u6570\u91cf\u51cf\u5c11_value\n if(_from==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(_from, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function approve(address _spender, uint256 _value) public returns (bool success) \n { \n assert(msg.sender!=_spender && _value>0);\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function allowance(\n address _owner, \n 
address _spender) public view returns (uint256 remaining) \n {\n return allowed[_owner][_spender];//\u5141\u8bb8_spender\u4ece_owner\u4e2d\u8f6c\u51fa\u7684token\u6570\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\t\n\t//\u4ee5\u4e0b\u4e3a\u672c\u4ee3\u5e01\u534f\u8bae\u7684\u7279\u6b8a\u903b\u8f91\n\t//\u8f6c\u79fb\u534f\u8bae\u6240\u6709\u6743\u5e76\u5c06\u9644\u5e26\u7684\u4ee3\u5e01\u4e00\u5e76\u8f6c\u79fb\u8fc7\u53bb\n\tfunction changeOwner(address newOwner) public{\n assert(msg.sender==owner && msg.sender!=newOwner);\n balances[newOwner]=balances[owner];\n balances[owner]=0;\n owner=newOwner;\n emit OwnerChang(msg.sender,newOwner,balances[owner]);//\u89e6\u53d1\u5408\u7ea6\u6240\u6709\u6743\u7684\u8f6c\u79fb\u4e8b\u4ef6\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n\t//isPaused\u4e3atrue\u5219\u6682\u505c\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\n function setPauseStatus(bool isPaused)public{\n assert(msg.sender==owner);\n isTransPaused=isPaused;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n\t//\u4fee\u6539\u5408\u7ea6\u540d\u5b57\n function changeContractName(string memory _newName,string memory _newSymbol) public {\n assert(msg.sender==owner);\n name=_newName;\n symbol=_newSymbol;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n \n function () external payable {\n revert();\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n" + }, + { + "contract": 
"buggy_7.sol", + "label": "arithmetic", + "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.8;\n\ncontract Ownable\n{\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n bool private stopped;\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n address private _owner;\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n address private _master;\n\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n event Stopped();\n function bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Started();\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint 
transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event MasterRoleTransferred(address indexed previousMaster, address indexed newMaster);\n\n constructor () internal\n {\n stopped = false;\n _owner = msg.sender;\n _master = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n emit MasterRoleTransferred(address(0), _master);\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n function owner() public view returns (address)\n {\n return _owner;\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n\n function master() public view returns (address)\n {\n return _master;\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n modifier onlyOwner()\n {\n require(isOwner());\n _;\n }\n\n modifier onlyMaster()\n {\n require(isMaster() || isOwner());\n _;\n }\n\n modifier onlyWhenNotStopped()\n {\n require(!isStopped());\n _;\n }\n\n function isOwner() public view returns (bool)\n {\n return msg.sender == _owner;\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += 
_secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function isMaster() public view returns (bool)\n {\n return msg.sender == _master;\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function transferOwnership(address newOwner) external onlyOwner\n {\n _transferOwnership(newOwner);\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n function transferMasterRole(address newMaster) external onlyOwner\n {\n _transferMasterRole(newMaster);\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n function isStopped() public view returns (bool)\n {\n return stopped;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function stop() public onlyOwner\n {\n _stop();\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function start() public onlyOwner\n {\n _start();\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n 
vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function _transferOwnership(address newOwner) internal\n {\n require(newOwner != address(0));\n emit OwnershipTransferred(_owner, newOwner);\n _owner = newOwner;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function _transferMasterRole(address newMaster) internal\n {\n require(newMaster != address(0));\n emit MasterRoleTransferred(_master, newMaster);\n _master = newMaster;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function _stop() internal\n {\n emit Stopped();\n stopped = true;\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function _start() internal\n {\n emit Started();\n stopped = false;\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract AccountWallet is Ownable\n{\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n mapping(string => string) private btc;\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping(string => address) private eth;\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event SetAddress(string account, string btcAddress, address ethAddress);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event UpdateAddress(string from, string to);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public 
{\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event DeleteAddress(string account);\n\n function version() external pure returns(string memory)\n {\n return '1.0.0';\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function getAddress(string calldata account) external view returns (string memory, address)\n {\n return (btc[account], eth[account]);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function setAddress(string calldata account, string calldata btcAddress, address ethAddress) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(account).length > 0);\n\n btc[account] = btcAddress;\n eth[account] = ethAddress;\n\n emit SetAddress(account, btcAddress, ethAddress);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function updateAccount(string calldata from, string calldata to) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(from).length > 0);\n require(bytes(to).length > 0);\n\n btc[to] = btc[from];\n eth[to] = eth[from];\n\n btc[from] = '';\n eth[from] = address(0);\n\n emit UpdateAddress(from, to);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n function deleteAccount(string calldata account) external onlyMaster 
onlyWhenNotStopped\n {\n require(bytes(account).length > 0);\n\n btc[account] = '';\n eth[account] = address(0);\n\n emit DeleteAddress(account);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}" + }, + { + "contract": "buggy_47.sol", + "label": "arithmetic", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n// ----------------------------------------------------------------------------\n//this ieo smart contract has been compiled and tested with the Solidity Version 0.5.2\n//There are some minor changes comparing to ieo contract compiled with versions < 0.5.0\n// ----------------------------------------------------------------------------\n\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n function balanceOf(address tokenOwner) public view returns (uint balance);\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n function transfer(address to, uint tokens) public returns (bool success);\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n \n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\nmapping(address => uint) public lockTime_intou9;\n\nfunction 
increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n function approve(address spender, uint tokens) public returns (bool success);\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n event Transfer(address indexed from, address indexed to, uint tokens);\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\ncontract AcunarToken is ERC20Interface{\n mapping(address => uint) balances_intou18;\n\nfunction transfer_intou18(address _to, uint _value) public returns (bool) {\n require(balances_intou18[msg.sender] - _value >= 0); //bug\n balances_intou18[msg.sender] -= _value; //bug\n balances_intou18[_to] += _value; //bug\n return true;\n }\n string public name = \"Acunar\";\n mapping(address => uint) public lockTime_intou29;\n\nfunction increaseLockTime_intou29(uint _secondsToIncrease) public {\n lockTime_intou29[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou29() public {\n require(now > lockTime_intou29[msg.sender]); \n uint transferValue_intou29 = 10; \n msg.sender.transfer(transferValue_intou29);\n }\n string public symbol = \"ACN\";\n mapping(address => uint) balances_intou6;\n\nfunction transfer_intou62(address _to, uint _value) public returns (bool) {\n 
require(balances_intou6[msg.sender] - _value >= 0); //bug\n balances_intou6[msg.sender] -= _value; //bug\n balances_intou6[_to] += _value; //bug\n return true;\n }\n uint public decimals = 0;\n \n function bug_intou16(uint8 p_intou16) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou16; // overflow bug\n}\n uint public supply;\n function bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n address public founder;\n \n mapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n mapping(address => uint) public balances;\n \n function bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping(address => mapping(address => uint)) allowed;\n \n //allowed[0x1111....][0x22222...] 
= 100;\n \n \n event Transfer(address indexed from, address indexed to, uint tokens);\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n\n\n constructor() public{\n supply = 200000000;\n founder = msg.sender;\n balances[founder] = supply;\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n \n \n function allowance(address tokenOwner, address spender) view public returns(uint){\n return allowed[tokenOwner][spender];\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n \n \n //approve allowance\n function approve(address spender, uint tokens) public returns(bool){\n require(balances[msg.sender] >= tokens);\n require(tokens > 0);\n \n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n \n //transfer tokens from the owner account to the account that calls the function\n function transferFrom(address from, address to, uint tokens) public returns(bool){\n require(allowed[from][to] >= tokens);\n require(balances[from] >= tokens);\n \n balances[from] -= tokens;\n balances[to] += tokens;\n \n \n allowed[from][to] -= tokens;\n \n return true;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n \n function totalSupply() public view returns (uint){\n return supply;\n }\nfunction bug_intou4(uint8 p_intou4) 
public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n \n function balanceOf(address tokenOwner) public view returns (uint balance){\n return balances[tokenOwner];\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n \n function transfer(address to, uint tokens) public returns (bool success){\n require(balances[msg.sender] >= tokens && tokens > 0);\n \n balances[to] += tokens;\n balances[msg.sender] -= tokens;\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\n\ncontract AcunarIEO is AcunarToken{\n function bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n address public admin;\n \n \n //starting with solidity version 0.5.0 only a payable address has the transfer() member function\n //it's mandatory to declare the variable payable\n mapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n address payable public deposit;\n \n //token price in wei: 1 ACN = 0.0001 ETHER, 1 ETHER = 10000 ACN\n mapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n uint tokenPrice = 0.0001 ether;\n \n //300 Ether in wei\n mapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - 
_value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n uint public hardCap =21000 ether;\n \n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n uint public raisedAmount;\n \n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n uint public saleStart = now;\n uint public saleEnd = now + 14515200; //24 week\n uint public coinTradeStart = saleEnd + 15120000; //transferable in a week after salesEnd\n \n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint public maxInvestment = 30 ether;\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n uint public minInvestment = 0.1 ether;\n \n enum State { beforeStart, running, afterEnd, halted}\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n State public ieoState;\n \n \n modifier onlyAdmin(){\n require(msg.sender == admin);\n _;\n }\n \n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction 
withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Invest(address investor, uint value, uint tokens);\n \n \n //in solidity version > 0.5.0 the deposit argument must be payable\n constructor(address payable _deposit) public{\n deposit = _deposit;\n admin = msg.sender;\n ieoState = State.beforeStart;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n //emergency stop\n function halt() public onlyAdmin{\n ieoState = State.halted;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n \n //restart \n function unhalt() public onlyAdmin{\n ieoState = State.running;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n \n //only the admin can change the deposit address\n //in solidity version > 0.5.0 the deposit argument must be payable\n function changeDepositAddress(address payable newDeposit) public onlyAdmin{\n deposit = newDeposit;\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n \n //returns ieo state\n function getCurrentState() public view returns(State){\n if(ieoState == State.halted){\n return State.halted;\n }else if(block.timestamp < saleStart){\n return State.beforeStart;\n }else if(block.timestamp >= saleStart && block.timestamp <= saleEnd){\n return State.running;\n }else{\n return State.afterEnd;\n }\n }\nfunction 
bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n \n function invest() payable public returns(bool){\n //invest only in running\n ieoState = getCurrentState();\n require(ieoState == State.running);\n \n require(msg.value >= minInvestment && msg.value <= maxInvestment);\n \n uint tokens = msg.value / tokenPrice;\n \n //hardCap not reached\n require(raisedAmount + msg.value <= hardCap);\n \n raisedAmount += msg.value;\n \n //add tokens to investor balance from founder balance\n balances[msg.sender] += tokens;\n balances[founder] -= tokens;\n \n deposit.transfer(msg.value);//transfer eth to the deposit address\n \n //emit event\n emit Invest(msg.sender, msg.value, tokens);\n \n return true;\n \n\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n //the payable function must be declared external in solidity versions > 0.5.0\n function () payable external{\n invest();\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n \n \n function burn() public returns(bool){\n ieoState = getCurrentState();\n require(ieoState == State.afterEnd);\n balances[founder] = 0;\n \n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n \n \n function transfer(address to, uint value) public returns(bool){\n require(block.timestamp > coinTradeStart);\n super.transfer(to, value);\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function transferFrom(address _from, address _to, uint _value) public returns(bool){\n 
require(block.timestamp > coinTradeStart);\n super.transferFrom(_from, _to, _value);\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n}\n" + }, + { + "contract": "buggy_46.sol", + "label": "arithmetic", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.4.21;\n\ncontract ProofOfExistence {\n\nenum BlockchainIdentification {Ixxo,Ethereum,Gochain}\n\nstruct FileExistenceStruct {\nuint256 date;\naddress filesender;\nstring fileHash;\nstring filePathHash;\naddress contractAddress;\nbytes32 QRCodeHash;\nBlockchainIdentification identifier;\n}function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n\nmapping(address => FileExistenceStruct[]) fileExistenceProofs;\n\n\n/**\n *@dev function to set the Proof of existence for a file \n */\n function SetFileExistenceProof(address dappBoxOrigin, string memory _fileHash, string memory _filePathHash, address _contractAddress ,BlockchainIdentification _identifier) public returns (bytes32)\n {\n FileExistenceStruct memory newInfo;\n uint256 _date = now;\n bytes32 QRCodeHash = generateQRCodeForFile(dappBoxOrigin,_fileHash,_filePathHash,_contractAddress ,_identifier);\n newInfo.date = _date;\n newInfo.filesender = dappBoxOrigin;\n newInfo.fileHash = _fileHash;\n newInfo.filePathHash = _filePathHash;\n newInfo.contractAddress = _contractAddress;\n newInfo.identifier = _identifier;\n newInfo.QRCodeHash = QRCodeHash;\n\n fileExistenceProofs[dappBoxOrigin].push(newInfo);\n return QRCodeHash;\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n/**\n *@dev function to get the Proof of existence for a file \n */\n function GetFileExistenceProof(address dappBoxOrigin,string memory fileHash, string memory filePathHash) public view returns(uint256,address,address,BlockchainIdentification,bytes32) {\n \n 
for(uint i = 0 ; i < fileExistenceProofs[dappBoxOrigin].length ; i++)\n {\n \n bool res = compareStrings(fileHash,fileExistenceProofs[dappBoxOrigin][i].fileHash) &&\n compareStrings(filePathHash,fileExistenceProofs[dappBoxOrigin][i].filePathHash);\n if(res == true )\n {\n return( fileExistenceProofs[dappBoxOrigin][i].date,\n fileExistenceProofs[dappBoxOrigin][i].filesender,\n fileExistenceProofs[dappBoxOrigin][i].contractAddress,\n fileExistenceProofs[dappBoxOrigin][i].identifier,\n fileExistenceProofs[dappBoxOrigin][i].QRCodeHash);\n }\n }\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n\n/**\n *@dev function to compare strings \n */\n function compareStrings(string memory a, string memory b) internal pure returns (bool)\n {\n if(bytes(a).length != bytes(b).length) {\n return false;\n } else {\n return keccak256(abi.encode(a)) == keccak256(abi.encode(b));\n }\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n\n/**\n *@dev function to generate QR code string \n */\n function generateQRCodeForFile(address dappBoxOrigin, string memory _fileHash, string memory filePath, address _contractAddress ,BlockchainIdentification _identifier ) internal pure returns (bytes32)\n {\n bytes32 QRCodeHash;\n QRCodeHash = keccak256(abi.encodePacked(dappBoxOrigin, _fileHash,filePath,_contractAddress,_identifier)); \n return QRCodeHash;\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n/**\n *@dev function to retreive QR code in string format \n */\n\n function getQRCode(address dappBoxOrigin, string memory fileHash, string memory 
filePathHash ) public view returns(bytes32) {\n uint256 len = fileExistenceProofs[dappBoxOrigin].length;\n for(uint i = 0 ; i < len ; i++)\n {\n \n bool res = compareStrings(fileHash,fileExistenceProofs[dappBoxOrigin][i].fileHash) &&\n compareStrings(filePathHash,fileExistenceProofs[dappBoxOrigin][i].filePathHash);\n if(res == true )\n {\n return fileExistenceProofs[dappBoxOrigin][i].QRCodeHash;\n }\n\n }\n }\nfunction bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n\n/**\n *@dev function to get proof of existence using QR code\n */\n function searchExistenceProoUsngQRf(address dappBoxOrigin,bytes32 QRCodeHash) public view returns(uint256,address,address,BlockchainIdentification,bytes32) {\n uint256 len = fileExistenceProofs[dappBoxOrigin].length;\n for(uint i = 0 ; i < len ; i++)\n {\n if(QRCodeHash == fileExistenceProofs[dappBoxOrigin][i].QRCodeHash)\n {\n return( fileExistenceProofs[dappBoxOrigin][i].date,\n fileExistenceProofs[dappBoxOrigin][i].filesender,\n fileExistenceProofs[dappBoxOrigin][i].contractAddress,\n fileExistenceProofs[dappBoxOrigin][i].identifier,\n fileExistenceProofs[dappBoxOrigin][i].QRCodeHash);\n }\n }\n }\nmapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n\n\n}\n"
+ },
+ {
+ "contract": "buggy_30.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.11;\n\n\ninterface IERC777 {\n \n function name() external view returns (string memory);\n\n \n function symbol() external view returns (string memory);\n\n \n function granularity() external view returns (uint256);\n\n \n function totalSupply() external view 
returns (uint256);\n\n \n function balanceOf(address owner) external view returns (uint256);\n\n \n function send(address recipient, uint256 amount, bytes calldata data) external;\n\n \n function burn(uint256 amount, bytes calldata data) external;\n\n \n function isOperatorFor(address operator, address tokenHolder) external view returns (bool);\n\n \n function authorizeOperator(address operator) external;\n\n \n function revokeOperator(address operator) external;\n\n \n function defaultOperators() external view returns (address[] memory);\n\n \n function operatorSend(\n address sender,\n address recipient,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n ) external;\n\n \n function operatorBurn(\n address account,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n ) external;\n\n event Sent(\n address indexed operator,\n address indexed from,\n address indexed to,\n uint256 amount,\n bytes data,\n bytes operatorData\n );\n\n event Minted(address indexed operator, address indexed to, uint256 amount, bytes data, bytes operatorData);\n\n event Burned(address indexed operator, address indexed from, uint256 amount, bytes data, bytes operatorData);\n\n event AuthorizedOperator(address indexed operator, address indexed tokenHolder);\n\n event RevokedOperator(address indexed operator, address indexed tokenHolder);\n}\n\ninterface IERC777Recipient {\n \n function tokensReceived(\n address operator,\n address from,\n address to,\n uint amount,\n bytes calldata userData,\n bytes calldata operatorData\n ) external;\n}\n\ninterface IERC777Sender {\n \n function tokensToSend(\n address operator,\n address from,\n address to,\n uint amount,\n bytes calldata userData,\n bytes calldata operatorData\n ) external;\n}\n\ninterface IERC20 {\n \n function totalSupply() external view returns (uint256);\n\n \n function balanceOf(address account) external view returns (uint256);\n\n \n function transfer(address recipient, uint256 amount) 
external returns (bool);\n\n \n function allowance(address owner, address spender) external view returns (uint256);\n\n \n function approve(address spender, uint256 amount) external returns (bool);\n\n \n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n \n event Transfer(address indexed from, address indexed to, uint256 value);\n\n \n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n \n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n \n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n \n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n \n \n \n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n \n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n \n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n \n\n return c;\n }\n\n \n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\nlibrary Address {\n \n function isContract(address account) internal view returns (bool) {\n \n \n \n\n uint256 size;\n \n assembly { size := extcodesize(account) }\n return size > 0;\n }\n}\n\ninterface IERC1820Registry {\n \n function setManager(address account, address newManager) external;\n\n \n function getManager(address account) external view returns (address);\n\n \n function setInterfaceImplementer(address account, bytes32 interfaceHash, address implementer) external;\n\n \n function getInterfaceImplementer(address account, bytes32 interfaceHash) external view returns (address);\n\n \n function 
interfaceHash(string calldata interfaceName) external pure returns (bytes32);\n\n \n function updateERC165Cache(address account, bytes4 interfaceId) external;\n\n \n function implementsERC165Interface(address account, bytes4 interfaceId) external view returns (bool);\n\n \n function implementsERC165InterfaceNoCache(address account, bytes4 interfaceId) external view returns (bool);\n\n event InterfaceImplementerSet(address indexed account, bytes32 indexed interfaceHash, address indexed implementer);\n\n event ManagerChanged(address indexed account, address indexed newManager);\n}\n\ncontract ERC777 is IERC777, IERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n IERC1820Registry private _erc1820 = IERC1820Registry(0x1820a4B7618BdE71Dce8cdc73aAB6C95905faD24);\n\n mapping(address => uint256) private _balances;\n\n uint256 private _totalSupply;\n\n string private _name;\n string private _symbol;\n\n \n \n\n \n bytes32 constant private TOKENS_SENDER_INTERFACE_HASH =\n 0x29ddb589b1fb5fc7cf394961c1adf5f8c6454761adf795e67fe149f658abe895;\n\n \n bytes32 constant private TOKENS_RECIPIENT_INTERFACE_HASH =\n 0xb281fc8c12954d22544db45de3159a39272895b169a852b314f9cc762e44c53b;\n\n \n address[] private _defaultOperatorsArray;\n\n \n mapping(address => bool) private _defaultOperators;\n\n \n mapping(address => mapping(address => bool)) private _operators;\n mapping(address => mapping(address => bool)) private _revokedDefaultOperators;\n\n \n mapping (address => mapping (address => uint256)) private _allowances;\n\n \n constructor(\n string memory name,\n string memory symbol,\n address[] memory defaultOperators\n ) public {\n _name = name;\n _symbol = symbol;\n\n _defaultOperatorsArray = defaultOperators;\n for (uint256 i = 0; i < _defaultOperatorsArray.length; i++) {\n _defaultOperators[_defaultOperatorsArray[i]] = true;\n }\n\n \n _erc1820.setInterfaceImplementer(address(this), keccak256(\"ERC777Token\"), address(this));\n 
_erc1820.setInterfaceImplementer(address(this), keccak256(\"ERC20Token\"), address(this));\n }\n\n \n function name() public view returns (string memory) {\n return _name;\n }\n\n \n function symbol() public view returns (string memory) {\n return _symbol;\n }\n\n \n function decimals() public pure returns (uint8) {\n return 18;\n }\n\n \n function granularity() public view returns (uint256) {\n return 1;\n }\n\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\n\n \n function balanceOf(address tokenHolder) public view returns (uint256) {\n return _balances[tokenHolder];\n }\n\n \n function send(address recipient, uint256 amount, bytes calldata data) external {\n _send(msg.sender, msg.sender, recipient, amount, data, \"\", true);\n }\n\n \n function transfer(address recipient, uint256 amount) external returns (bool) {\n require(recipient != address(0), \"ERC777: transfer to the zero address\");\n\n address from = msg.sender;\n\n _callTokensToSend(from, from, recipient, amount, \"\", \"\");\n\n _move(from, from, recipient, amount, \"\", \"\");\n\n _callTokensReceived(from, from, recipient, amount, \"\", \"\", false);\n\n return true;\n }\n\n \n function burn(uint256 amount, bytes calldata data) external {\n _burn(msg.sender, msg.sender, amount, data, \"\");\n }\n\n \n function isOperatorFor(\n address operator,\n address tokenHolder\n ) public view returns (bool) {\n return operator == tokenHolder ||\n (_defaultOperators[operator] && !_revokedDefaultOperators[tokenHolder][operator]) ||\n _operators[tokenHolder][operator];\n }\nmapping(address => uint) balances_intou18;\n\nfunction transfer_intou18(address _to, uint _value) public returns (bool) {\n require(balances_intou18[msg.sender] - _value >= 0); //bug\n balances_intou18[msg.sender] -= _value; //bug\n balances_intou18[_to] += _value; //bug\n return true;\n }\n\n \n function authorizeOperator(address operator) external {\n require(msg.sender != operator, \"ERC777: authorizing 
self as operator\");\n\n if (_defaultOperators[operator]) {\n delete _revokedDefaultOperators[msg.sender][operator];\n } else {\n _operators[msg.sender][operator] = true;\n }\n\n emit AuthorizedOperator(operator, msg.sender);\n }\nmapping(address => uint) public lockTime_intou29;\n\nfunction increaseLockTime_intou29(uint _secondsToIncrease) public {\n lockTime_intou29[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou29() public {\n require(now > lockTime_intou29[msg.sender]); \n uint transferValue_intou29 = 10; \n msg.sender.transfer(transferValue_intou29);\n }\n\n \n function revokeOperator(address operator) external {\n require(operator != msg.sender, \"ERC777: revoking self as operator\");\n\n if (_defaultOperators[operator]) {\n _revokedDefaultOperators[msg.sender][operator] = true;\n } else {\n delete _operators[msg.sender][operator];\n }\n\n emit RevokedOperator(operator, msg.sender);\n }\nmapping(address => uint) balances_intou6;\n\nfunction transfer_intou62(address _to, uint _value) public returns (bool) {\n require(balances_intou6[msg.sender] - _value >= 0); //bug\n balances_intou6[msg.sender] -= _value; //bug\n balances_intou6[_to] += _value; //bug\n return true;\n }\n\n \n function defaultOperators() public view returns (address[] memory) {\n return _defaultOperatorsArray;\n }\nfunction bug_intou16(uint8 p_intou16) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou16; // overflow bug\n}\n\n \n function operatorSend(\n address sender,\n address recipient,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n )\n external\n {\n require(isOperatorFor(msg.sender, sender), \"ERC777: caller is not an operator for holder\");\n _send(msg.sender, sender, recipient, amount, data, operatorData, true);\n }\nfunction bug_intou24(uint8 p_intou24) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou24; // overflow bug\n}\n\n \n function operatorBurn(address account, uint256 amount, bytes calldata 
data, bytes calldata operatorData) external {\n require(isOperatorFor(msg.sender, account), \"ERC777: caller is not an operator for holder\");\n _burn(msg.sender, account, amount, data, operatorData);\n }\nmapping(address => uint) public lockTime_intou5;\n\nfunction increaseLockTime_intou5(uint _secondsToIncrease) public {\n lockTime_intou5[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou5() public {\n require(now > lockTime_intou5[msg.sender]); \n uint transferValue_intou5 = 10; \n msg.sender.transfer(transferValue_intou5);\n }\n\n \n function allowance(address holder, address spender) public view returns (uint256) {\n return _allowances[holder][spender];\n }\nfunction bug_intou15() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n \n function approve(address spender, uint256 value) external returns (bool) {\n address holder = msg.sender;\n _approve(holder, spender, value);\n return true;\n }\nfunction bug_intou28(uint8 p_intou28) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou28; // overflow bug\n}\n\n \n function transferFrom(address holder, address recipient, uint256 amount) external returns (bool) {\n require(recipient != address(0), \"ERC777: transfer to the zero address\");\n require(holder != address(0), \"ERC777: transfer from the zero address\");\n\n address spender = msg.sender;\n\n _callTokensToSend(spender, holder, recipient, amount, \"\", \"\");\n\n _move(spender, holder, recipient, amount, \"\", \"\");\n _approve(holder, spender, _allowances[holder][spender].sub(amount));\n\n _callTokensReceived(spender, holder, recipient, amount, \"\", \"\", false);\n\n return true;\n }\nmapping(address => uint) balances_intou34;\n\nfunction transfer_intou34(address _to, uint _value) public returns (bool) {\n require(balances_intou34[msg.sender] - _value >= 0); //bug\n balances_intou34[msg.sender] -= _value; //bug\n balances_intou34[_to] += _value; //bug\n return true;\n }\n\n \n function 
_mint(\n address operator,\n address account,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n internal\n {\n require(account != address(0), \"ERC777: mint to the zero address\");\n\n \n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n\n _callTokensReceived(operator, address(0), account, amount, userData, operatorData, true);\n\n emit Minted(operator, account, amount, userData, operatorData);\n emit Transfer(address(0), account, amount);\n }\nmapping(address => uint) public lockTime_intou21;\n\nfunction increaseLockTime_intou21(uint _secondsToIncrease) public {\n lockTime_intou21[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou21() public {\n require(now > lockTime_intou21[msg.sender]); \n uint transferValue_intou21 = 10; \n msg.sender.transfer(transferValue_intou21);\n }\n\n \n function _send(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData,\n bool requireReceptionAck\n )\n private\n {\n require(from != address(0), \"ERC777: send from the zero address\");\n require(to != address(0), \"ERC777: send to the zero address\");\n\n _callTokensToSend(operator, from, to, amount, userData, operatorData);\n\n _move(operator, from, to, amount, userData, operatorData);\n\n _callTokensReceived(operator, from, to, amount, userData, operatorData, requireReceptionAck);\n }\nmapping(address => uint) balances_intou10;\n\nfunction transfer_intou10(address _to, uint _value) public returns (bool) {\n require(balances_intou10[msg.sender] - _value >= 0); //bug\n balances_intou10[msg.sender] -= _value; //bug\n balances_intou10[_to] += _value; //bug\n return true;\n }\n\n \n function _burn(\n address operator,\n address from,\n uint256 amount,\n bytes memory data,\n bytes memory operatorData\n )\n private\n {\n require(from != address(0), \"ERC777: burn from the zero address\");\n\n _callTokensToSend(operator, from, 
address(0), amount, data, operatorData);\n\n \n _totalSupply = _totalSupply.sub(amount);\n _balances[from] = _balances[from].sub(amount);\n\n emit Burned(operator, from, amount, data, operatorData);\n emit Transfer(from, address(0), amount);\n }\nmapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n\n function _move(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n private\n {\n _balances[from] = _balances[from].sub(amount);\n _balances[to] = _balances[to].add(amount);\n\n emit Sent(operator, from, to, amount, userData, operatorData);\n emit Transfer(from, to, amount);\n }\nfunction bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n\n function _approve(address holder, address spender, uint256 value) private {\n \n \n \n require(spender != address(0), \"ERC777: approve to the zero address\");\n\n _allowances[holder][spender] = value;\n emit Approval(holder, spender, value);\n }\nfunction bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n \n function _callTokensToSend(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n private\n {\n address implementer = _erc1820.getInterfaceImplementer(from, TOKENS_SENDER_INTERFACE_HASH);\n if (implementer != address(0)) {\n IERC777Sender(implementer).tokensToSend(operator, from, to, amount, userData, operatorData);\n }\n }\nmapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() 
public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n\n \n function _callTokensReceived(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData,\n bool requireReceptionAck\n )\n private\n {\n address implementer = _erc1820.getInterfaceImplementer(to, TOKENS_RECIPIENT_INTERFACE_HASH);\n if (implementer != address(0)) {\n IERC777Recipient(implementer).tokensReceived(operator, from, to, amount, userData, operatorData);\n } else if (requireReceptionAck) {\n require(!to.isContract(), \"ERC777: token recipient contract has no implementer for ERC777TokensRecipient\");\n }\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n}\n\nlibrary Roles {\n struct Role {\n mapping (address => bool) bearer;\n }\n\n \n function add(Role storage role, address account) internal {\n require(!has(role, account), \"Roles: account already has role\");\n role.bearer[account] = true;\n }\n\n \n function remove(Role storage role, address account) internal {\n require(has(role, account), \"Roles: account does not have role\");\n role.bearer[account] = false;\n }\n\n \n function has(Role storage role, address account) internal view returns (bool) {\n require(account != address(0), \"Roles: account is the zero address\");\n return role.bearer[account];\n }\n}\n\ncontract MinterRole {\n using Roles for Roles.Role;\n\n function bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event MinterAdded(address indexed account);\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event 
MinterRemoved(address indexed account);\n\n Roles.Role private _minters;\n\n constructor () internal {\n _addMinter(msg.sender);\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n modifier onlyMinter() {\n require(isMinter(msg.sender), \"MinterRole: caller does not have the Minter role\");\n _;\n }\n\n function isMinter(address account) public view returns (bool) {\n return _minters.has(account);\n }\nmapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function addMinter(address account) public onlyMinter {\n _addMinter(account);\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function renounceMinter() public {\n _removeMinter(msg.sender);\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n function _addMinter(address account) internal {\n _minters.add(account);\n emit MinterAdded(account);\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; 
//overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n function _removeMinter(address account) internal {\n _minters.remove(account);\n emit MinterRemoved(account);\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract PauserRole {\n using Roles for Roles.Role;\n\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event PauserAdded(address indexed account);\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event PauserRemoved(address indexed account);\n\n Roles.Role private _pausers;\n\n constructor () internal {\n _addPauser(msg.sender);\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n modifier onlyPauser() {\n require(isPauser(msg.sender), \"PauserRole: caller does not have the Pauser role\");\n _;\n }\n\n function isPauser(address account) public view returns (bool) {\n return _pausers.has(account);\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function addPauser(address account) public onlyPauser {\n _addPauser(account);\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function 
renouncePauser() public {\n _removePauser(msg.sender);\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n function _addPauser(address account) internal {\n _pausers.add(account);\n emit PauserAdded(account);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n\n function _removePauser(address account) internal {\n _pausers.remove(account);\n emit PauserRemoved(account);\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract Pausable is PauserRole {\n \n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Paused(address account);\n\n \n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Unpaused(address account);\n\n bool private _paused;\n\n \n constructor () internal {\n _paused = false;\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n \n function paused() public view returns (bool) {\n return _paused;\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n \n modifier whenNotPaused() {\n require(!_paused, 
\"Pausable: paused\");\n _;\n }\n\n \n modifier whenPaused() {\n require(_paused, \"Pausable: not paused\");\n _;\n }\n\n \n function pause() public onlyPauser whenNotPaused {\n _paused = true;\n emit Paused(msg.sender);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n \n function unpause() public onlyPauser whenPaused {\n _paused = false;\n emit Unpaused(msg.sender);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n}\n\ncontract SKYBITToken is ERC777, MinterRole, Pausable {\n constructor(\n uint256 initialSupply,\n address[] memory defaultOperators\n )\n\n ERC777(\"SKYBIT\", \"SKYBIT\", defaultOperators)\n public {\n _mint(msg.sender, msg.sender, initialSupply, \"\", \"\");\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function mint(address operator, address account, uint256 amount, bytes memory userData, bytes memory operatorData) public onlyMinter returns (bool) {\n _mint(operator, account, amount, userData, operatorData);\n return true;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n}\n"
+ },
+ {
+ "contract": "buggy_43.sol",
+ "label": "arithmetic",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.0;\n\n\ncontract EventMetadata {\n\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; 
\n msg.sender.transfer(transferValue_intou33);\n }\n event MetadataSet(bytes metadata);\n\n // state functions\n\n function _setMetadata(bytes memory metadata) internal {\n emit MetadataSet(metadata);\n }\nmapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n}\n\n\n\ncontract Operated {\n\n mapping(address => uint) balances_intou22;\n\nfunction transfer_intou22(address _to, uint _value) public returns (bool) {\n require(balances_intou22[msg.sender] - _value >= 0); //bug\n balances_intou22[msg.sender] -= _value; //bug\n balances_intou22[_to] += _value; //bug\n return true;\n }\n address private _operator;\n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n bool private _status;\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event OperatorUpdated(address operator, bool status);\n\n // state functions\n\n function _setOperator(address operator) internal {\n require(_operator != operator, \"cannot set same operator\");\n _operator = operator;\n emit OperatorUpdated(operator, hasActiveOperator());\n }\nmapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n\n function _transferOperator(address operator) internal {\n // transferring operator-ship implies there was an operator set before this\n require(_operator != address(0), \"operator not set\");\n _setOperator(operator);\n }\nmapping(address => 
uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n\n function _renounceOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _operator = address(0);\n _status = false;\n emit OperatorUpdated(address(0), false);\n }\nfunction bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function _activateOperator() internal {\n require(!hasActiveOperator(), \"only when operator not active\");\n _status = true;\n emit OperatorUpdated(_operator, true);\n }\nmapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n\n function _deactivateOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _status = false;\n emit OperatorUpdated(_operator, false);\n }\nmapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n\n // view functions\n\n function getOperator() public view returns (address operator) {\n operator = _operator;\n }\nfunction bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function isOperator(address caller) public view returns (bool 
ok) {\n return (caller == getOperator());\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n\n function hasActiveOperator() public view returns (bool ok) {\n return _status;\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n\n function isActiveOperator(address caller) public view returns (bool ok) {\n return (isOperator(caller) && hasActiveOperator());\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n}\n\n\n\n/**\n * @title MultiHashWrapper\n * @dev Contract that handles multi hash data structures and encoding/decoding\n * Learn more here: https://github.com/multiformats/multihash\n */\ncontract MultiHashWrapper {\n\n // bytes32 hash first to fill the first storage slot\n struct MultiHash {\n bytes32 hash;\n uint8 hashFunction;\n uint8 digestSize;\n }\n\n /**\n * @dev Given a multihash struct, returns the full base58-encoded hash\n * @param multihash MultiHash struct that has the hashFunction, digestSize and the hash\n * @return the base58-encoded full hash\n */\n function _combineMultiHash(MultiHash memory multihash) internal pure returns (bytes memory) {\n bytes memory out = new bytes(34);\n\n out[0] = byte(multihash.hashFunction);\n out[1] = byte(multihash.digestSize);\n\n uint8 i;\n for (i = 0; i < 32; i++) {\n out[i+2] = multihash.hash[i];\n }\n\n return out;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n\n 
/**\n * @dev Given a base58-encoded hash, divides into its individual parts and returns a struct\n * @param source base58-encoded hash\n * @return MultiHash that has the hashFunction, digestSize and the hash\n */\n function _splitMultiHash(bytes memory source) internal pure returns (MultiHash memory) {\n require(source.length == 34, \"length of source must be 34\");\n\n uint8 hashFunction = uint8(source[0]);\n uint8 digestSize = uint8(source[1]);\n bytes32 hash;\n\n assembly {\n hash := mload(add(source, 34))\n }\n\n return (MultiHash({\n hashFunction: hashFunction,\n digestSize: digestSize,\n hash: hash\n }));\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n}\n\n\n/* TODO: Update eip165 interface\n * bytes4(keccak256('create(bytes)')) == 0xcf5ba53f\n * bytes4(keccak256('getInstanceType()')) == 0x18c2f4cf\n * bytes4(keccak256('getInstanceRegistry()')) == 0xa5e13904\n * bytes4(keccak256('getImplementation()')) == 0xaaf10f42\n *\n * => 0xcf5ba53f ^ 0x18c2f4cf ^ 0xa5e13904 ^ 0xaaf10f42 == 0xd88967b6\n */\n interface iFactory {\n\n event InstanceCreated(address indexed instance, address indexed creator, string initABI, bytes initData);\n\n function create(bytes calldata initData) external returns (address instance);\n function createSalty(bytes calldata initData, bytes32 salt) external returns (address instance);\n function getInitSelector() external view returns (bytes4 initSelector);\n function getInstanceRegistry() external view returns (address instanceRegistry);\n function getTemplate() external view returns (address template);\n function getSaltyInstance(bytes calldata, bytes32 salt) external view returns (address instance);\n function getNextInstance(bytes calldata) external view returns (address instance);\n\n function getInstanceCreator(address instance) external view returns (address creator);\n function getInstanceType() external view returns (bytes4 instanceType);\n function 
getInstanceCount() external view returns (uint256 count);\n function getInstance(uint256 index) external view returns (address instance);\n function getInstances() external view returns (address[] memory instances);\n function getPaginatedInstances(uint256 startIndex, uint256 endIndex) external view returns (address[] memory instances);\n }\n\n\n\ncontract ProofHash is MultiHashWrapper {\n\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n MultiHash private _proofHash;\n\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event ProofHashSet(address caller, bytes proofHash);\n\n // state functions\n\n function _setProofHash(bytes memory proofHash) internal {\n _proofHash = MultiHashWrapper._splitMultiHash(proofHash);\n emit ProofHashSet(msg.sender, proofHash);\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // view functions\n\n function getProofHash() public view returns (bytes memory proofHash) {\n proofHash = MultiHashWrapper._combineMultiHash(_proofHash);\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n}\n\n\n\ncontract Template {\n\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n address private _factory;\n\n // modifiers\n\n modifier initializeTemplate() {\n // set factory\n _factory = msg.sender;\n\n // only allow function to be delegatecalled from within a constructor.\n uint32 codeSize;\n assembly { codeSize := extcodesize(address) }\n require(codeSize == 0, \"must be called within contract constructor\");\n _;\n }\n\n // view 
functions\n\n function getCreator() public view returns (address creator) {\n // iFactory(...) would revert if _factory address is not actually a factory contract\n creator = iFactory(_factory).getInstanceCreator(address(this));\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n\n function isCreator(address caller) public view returns (bool ok) {\n ok = (caller == getCreator());\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function getFactory() public view returns (address factory) {\n factory = _factory;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n\n}\n\n\n\n\n\n\ncontract Post is ProofHash, Operated, EventMetadata, Template {\n\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Initialized(address operator, bytes multihash, bytes metadata);\n\n function initialize(\n address operator,\n bytes memory multihash,\n bytes memory metadata\n ) public initializeTemplate() {\n\n // set storage variables\n if (multihash.length != 0) {\n ProofHash._setProofHash(multihash);\n }\n\n // set operator\n if (operator != address(0)) {\n Operated._setOperator(operator);\n 
Operated._activateOperator();\n }\n\n // set metadata\n if (metadata.length != 0) {\n EventMetadata._setMetadata(metadata);\n }\n\n // log initialization params\n emit Initialized(operator, multihash, metadata);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n // state functions\n\n function setMetadata(bytes memory metadata) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // set metadata\n EventMetadata._setMetadata(metadata);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n\n function transferOperator(address operator) public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._transferOperator(operator);\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function renounceOperator() public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._renounceOperator();\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n\n}\n" + }, + { + "contract": "buggy_33.sol", + "label": "arithmetic", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11;\n\ncontract Owned {\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n address public owner;\n mapping(address => uint) public lockTime_intou17;\n\nfunction 
increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n msg.sender.transfer(transferValue_intou17);\n }\n address public newOwner;\n\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n modifier onlyOwner {\n require(msg.sender == owner || msg.sender == address(this));\n _;\n }\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Token{\n function balanceOf(address who) external view returns (uint256);\nfunction bug_intou4(uint8 p_intou4) public pure{\n 
uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n function transferFrom(address from, address to, uint256 value) external returns (bool);\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function transfer(address to, uint256 value) external returns (bool);\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract Staking is Owned{\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n Token public token;\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n bool lock;\n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 public minstakeTokens;\n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n uint256 private basePercent = 200;\n using SafeMath for uint256;\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public stakeTime = 1814400; // 3 weeks = 3*7*24*60*60 OR 1 week = 604800 secs, 3 weeks = 
3*604800 = 1,814,400\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n uint public stakePercentage = 30;\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event stakingstarted(address staker, uint256 tokens, uint256 time);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event tokensRedeemed(address staker, uint256 stakedTokens, uint256 reward);\n \n struct stake{\n uint256 time;\n bool redeem;\n uint256 tokens;\n }\n function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n mapping(address => stake) staker;\n \n \n constructor(address tokenContractAddress) public{\n token = Token(tokenContractAddress);\n owner = msg.sender;\n minstakeTokens = 500 * 10 ** uint(10);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n function startStaking(uint256 stakeTokens) public{\n require(stakeTokens >= minstakeTokens);\n require(token.balanceOf(msg.sender) >= stakeTokens + findOnePercent(stakeTokens));\n require(token.transferFrom(msg.sender, address(this), stakeTokens + findOnePercent(stakeTokens)));\n staker[msg.sender].time = now;\n 
staker[msg.sender].tokens = staker[msg.sender].tokens + stakeTokens;\n emit stakingstarted(msg.sender, staker[msg.sender].tokens, staker[msg.sender].time);\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n \n function redeem() public{\n require(!lock);\n require(!staker[msg.sender].redeem);\n require(staker[msg.sender].time + stakeTime <= now);\n require(token.transfer(msg.sender,staker[msg.sender].tokens));\n require(token.transferFrom(owner, msg.sender ,staker[msg.sender].tokens * stakePercentage * 100 / 10000));\n emit tokensRedeemed(msg.sender, staker[msg.sender].tokens, staker[msg.sender].tokens * stakePercentage * 100 / 10000);\n staker[msg.sender].redeem = true;\n staker[msg.sender].tokens = 0;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n function changeStakeTokens(uint256 _NewTokensThreshold) public onlyOwner{\n minstakeTokens = _NewTokensThreshold * 10 ** uint(10);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function changeStakeTime(uint256 _newStakeTime) public onlyOwner{\n stakeTime = _newStakeTime;\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n \n function changeStakingPercentage(uint _newStakePercentage) public onlyOwner{\n stakePercentage = _newStakePercentage;\n \n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function lockWithdrawals() public onlyOwner{\n lock = true;\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n function 
findOnePercent(uint256 value) private view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n" + }, + { + "contract": "buggy_29.sol", + "label": "arithmetic", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.11;\n\n// * Gods Unchained Raffle Token Exchange\n//\n// * Version 1.0\n//\n// * A dedicated contract for listing (selling) and buying raffle tokens.\n//\n// * https://gu.cards\n\ncontract ERC20Interface {\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}\n\ncontract IERC20Interface {\n function allowance(address owner, address spender) external view returns (uint256);\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n function balanceOf(address account) external view returns (uint256);\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n}\n\ncontract RaffleToken is ERC20Interface, IERC20Interface {}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. 
This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. 
The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ncontract RaffleTokenExchange {\n using SafeMath for uint256;\n\n //////// V A R I A B L E S\n //\n // The raffle token contract\n //\n RaffleToken constant public raffleContract = RaffleToken(0x0C8cDC16973E88FAb31DD0FCB844DdF0e1056dE2);\n //\n // In case the exchange is paused.\n //\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n bool public paused;\n //\n // Standard contract ownership.\n //\n mapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n address payable public owner;\n //\n // Next id for the next listing\n //\n 
function bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n uint256 public nextListingId;\n //\n // All raffle token listings mapped by id\n //\n function bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n mapping (uint256 => Listing) public listingsById;\n //\n // All purchases\n //\n mapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n mapping (uint256 => Purchase) public purchasesById;\n //\n // Next id for the next purche\n //\n function bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n uint256 public nextPurchaseId;\n\n //////// S T R U C T S\n //\n // A listing of raffle tokens\n //\n struct Listing {\n //\n // price per token (in wei).\n //\n uint256 pricePerToken;\n //\n //\n // How many tokens? (Original Amount)\n //\n uint256 initialAmount;\n //\n // How many tokens left? 
(Maybe altered due to partial sales)\n //\n uint256 amountLeft;\n //\n // Listed by whom?\n //\n address payable seller;\n //\n // Active/Inactive listing?\n //\n bool active;\n }\n //\n // A purchase of raffle tokens\n //\n struct Purchase {\n //\n // How many tokens?\n //\n uint256 totalAmount;\n //\n // total price payed\n //\n uint256 totalAmountPayed;\n //\n // When did the purchase happen?\n //\n uint256 timestamp;\n }\n\n //////// EVENTS\n //\n //\n //\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Listed(uint256 id, uint256 pricePerToken, uint256 initialAmount, address seller);\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Canceled(uint256 id);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event Purchased(uint256 id, uint256 totalAmount, uint256 totalAmountPayed, uint256 timestamp);\n\n //////// M O D I F I E R S\n //\n // Invokable only by contract owner.\n //\n modifier onlyContractOwner {\n require(msg.sender == owner, \"Function called by non-owner.\");\n _;\n }\n //\n // Invokable only if exchange is not paused.\n //\n modifier onlyUnpaused {\n require(paused == false, \"Exchange is paused.\");\n _;\n }\n\n //////// C O N S T R U C T O R\n //\n constructor() public {\n owner = msg.sender;\n nextListingId = 916;\n nextPurchaseId = 344;\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n 
return true;\n }\n\n //////// F U N C T I O N S\n //\n // buyRaffle\n //\n function buyRaffle(uint256[] calldata amounts, uint256[] calldata listingIds) payable external onlyUnpaused {\n require(amounts.length == listingIds.length, \"You have to provide amounts for every single listing!\");\n uint256 totalAmount;\n uint256 totalAmountPayed;\n for (uint256 i = 0; i < listingIds.length; i++) {\n uint256 id = listingIds[i];\n uint256 amount = amounts[i];\n Listing storage listing = listingsById[id];\n require(listing.active, \"Listing is not active anymore!\");\n listing.amountLeft = listing.amountLeft.sub(amount);\n require(listing.amountLeft >= 0, \"Amount left needs to be higher than 0.\");\n if(listing.amountLeft == 0) { listing.active = false; }\n uint256 amountToPay = listing.pricePerToken * amount;\n listing.seller.transfer(amountToPay);\n totalAmountPayed = totalAmountPayed.add(amountToPay);\n totalAmount = totalAmount.add(amount);\n require(raffleContract.transferFrom(listing.seller, msg.sender, amount), 'Token transfer failed!');\n }\n require(totalAmountPayed <= msg.value, 'Overpayed!');\n uint256 id = nextPurchaseId++;\n Purchase storage purchase = purchasesById[id];\n purchase.totalAmount = totalAmount;\n purchase.totalAmountPayed = totalAmountPayed;\n purchase.timestamp = now;\n emit Purchased(id, totalAmount, totalAmountPayed, now);\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n //\n // Add listing\n //\n function addListing(uint256 initialAmount, uint256 pricePerToken) external onlyUnpaused {\n require(raffleContract.balanceOf(msg.sender) >= initialAmount, \"Amount to sell is higher than balance!\");\n require(raffleContract.allowance(msg.sender, address(this)) >= initialAmount, \"Allowance is to small (increase allowance)!\");\n uint256 id = nextListingId++;\n Listing storage listing = listingsById[id];\n listing.initialAmount = initialAmount;\n listing.amountLeft = 
initialAmount;\n listing.pricePerToken = pricePerToken;\n listing.seller = msg.sender;\n listing.active = true;\n emit Listed(id, listing.pricePerToken, listing.initialAmount, listing.seller);\n }\nfunction bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n //\n // Cancel listing\n //\n function cancelListing(uint256 id) external {\n Listing storage listing = listingsById[id];\n require(listing.active, \"This listing was turned inactive already!\");\n require(listing.seller == msg.sender || owner == msg.sender, \"Only the listing owner or the contract owner can cancel the listing!\");\n listing.active = false;\n emit Canceled(id);\n }\nfunction bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n //\n // Set paused\n //\n function setPaused(bool value) external onlyContractOwner {\n paused = value;\n }\nfunction bug_intou35() public pure{ \n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n //\n // Funds withdrawal to cover operational costs\n //\n function withdrawFunds(uint256 withdrawAmount) external onlyContractOwner {\n owner.transfer(withdrawAmount);\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n //\n // Contract may be destroyed only when there is nothing else going on. 
\n // All funds are transferred to contract owner.\n //\n function kill() external onlyContractOwner {\n selfdestruct(owner);\n }\nmapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n}\n" + }, + { + "contract": "buggy_45.sol", + "label": "arithmetic", + "code": "\t/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\ncontract StockBet {\n \n function bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event GameCreated(uint bet);\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n event GameOpened(uint256 initialPrice);\n function bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event GameClosed();\n function bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n event OracleSet(address oracle);\n mapping(address => uint) public lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n event FinalPriceSet(uint256 finalPrice);\n function bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event PlayerBet(address player, uint guess);\n \n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event PlayersWin(uint result, uint256 
splitJackpot);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event OwnerWins(address owner);\n \n enum State {\n SETUP, PRICE_SET, OPEN, CLOSED, PLAYERS_WIN, OWNER_WIN\n }\n\n enum PaidStatus {\n UNDEFINED,\n NOT_PAID,\n PAID\n }\n \n struct Guess {\n mapping (address => PaidStatus) players;\n uint guesses_number;\n }\n \n function bug_intou12(uint8 p_intou12) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou12; // overflow bug\n}\n address payable public owner;\n function bug_intou11() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n address public oracle;\n mapping(address => uint) public lockTime_intou1;\n\nfunction increaseLockTime_intou1(uint _secondsToIncrease) public {\n lockTime_intou1[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_ovrflow1() public {\n require(now > lockTime_intou1[msg.sender]); \n uint transferValue_intou1 = 10; \n msg.sender.transfer(transferValue_intou1);\n }\n State public state;\n\n mapping(address => uint) balances_intou2;\n\nfunction transfer_undrflow2(address _to, uint _value) public returns (bool) {\n require(balances_intou2[msg.sender] - _value >= 0); //bug\n balances_intou2[msg.sender] -= _value; //bug\n balances_intou2[_to] += _value; //bug\n return true;\n }\n mapping (uint => Guess) public guesses;\n\n mapping(address => uint) public lockTime_intou17;\n\nfunction increaseLockTime_intou17(uint _secondsToIncrease) public {\n lockTime_intou17[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou17() public {\n require(now > lockTime_intou17[msg.sender]); \n uint transferValue_intou17 = 10; \n 
msg.sender.transfer(transferValue_intou17);\n }\n uint256 public bet;\n uint256 splitJackpot;\n mapping(address => uint) public lockTime_intou37;\n\nfunction increaseLockTime_intou37(uint _secondsToIncrease) public {\n lockTime_intou37[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou37() public {\n require(now > lockTime_intou37[msg.sender]); \n uint transferValue_intou37 = 10; \n msg.sender.transfer(transferValue_intou37);\n }\n uint public result;\n function bug_intou3() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint256 public initialPrice;\n mapping(address => uint) public lockTime_intou9;\n\nfunction increaseLockTime_intou9(uint _secondsToIncrease) public {\n lockTime_intou9[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou9() public {\n require(now > lockTime_intou9[msg.sender]); \n uint transferValue_intou9 = 10; \n msg.sender.transfer(transferValue_intou9);\n }\n uint256 public finalPrice;\n\n mapping(address => uint) public lockTime_intou25;\n\nfunction increaseLockTime_intou25(uint _secondsToIncrease) public {\n lockTime_intou25[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou25() public {\n require(now > lockTime_intou25[msg.sender]); \n uint transferValue_intou25 = 10; \n msg.sender.transfer(transferValue_intou25);\n }\n uint constant UP = 1;\n function bug_intou19() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n uint constant DOWN = 0;\n \n \n // ----------MODIFIERS--------------------\n modifier byPlayer(){\n require(msg.sender != oracle);\n _;\n }\n \n modifier byOwner(){\n require(msg.sender == owner);\n _;\n }\n \n modifier byOracle(){\n require(msg.sender == oracle);\n _;\n }\n \n modifier inState(State expected) {\n require(state == expected);\n _;\n }\n // -------------------------------------\n\n \n constructor(uint256 _bet) public {\n require(_bet > 0);\n \n owner = msg.sender;\n state = 
State.SETUP;\n bet = _bet;\n \n emit GameCreated(bet);\n }\nmapping(address => uint) balances_intou26;\n\nfunction transfer_intou26(address _to, uint _value) public returns (bool) {\n require(balances_intou26[msg.sender] - _value >= 0); //bug\n balances_intou26[msg.sender] -= _value; //bug\n balances_intou26[_to] += _value; //bug\n return true;\n }\n \n function setOracle(address _oracle) public payable byOwner inState(State.SETUP) {\n oracle = _oracle;\n \n emit OracleSet(oracle);\n }\nfunction bug_intou20(uint8 p_intou20) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou20; // overflow bug\n}\n \n function setInitialPrice(uint256 _value) public payable byOracle inState(State.SETUP) {\n initialPrice = _value;\n state = State.OPEN;\n \n emit GameOpened(initialPrice);\n }\nfunction bug_intou32(uint8 p_intou32) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou32; // overflow bug\n}\n\n function closeGame() public byOwner inState(State.OPEN){\n state = State.CLOSED;\n\n emit GameClosed();\n }\nmapping(address => uint) balances_intou38;\n\nfunction transfer_intou38(address _to, uint _value) public returns (bool) {\n require(balances_intou38[msg.sender] - _value >= 0); //bug\n balances_intou38[msg.sender] -= _value; //bug\n balances_intou38[_to] += _value; //bug\n return true;\n }\n \n function betUp() public payable byPlayer inState(State.OPEN){\n require(msg.value == (bet*0.001 ether));\n\n guesses[UP].guesses_number++;\n guesses[UP].players[msg.sender] = PaidStatus.NOT_PAID;\n\n emit PlayerBet(msg.sender, UP);\n }\nfunction bug_intou4(uint8 p_intou4) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou4; // overflow bug\n}\n \n function betDown() public payable byPlayer inState(State.OPEN){\n require(msg.value == (bet*0.001 ether));\n\n guesses[DOWN].guesses_number++;\n guesses[DOWN].players[msg.sender] = PaidStatus.NOT_PAID;\n \n emit PlayerBet(msg.sender, DOWN);\n }\nfunction bug_intou7() public pure{\n uint8 vundflw =0;\n 
vundflw = vundflw -10; // underflow bug\n}\n \n \n function setFinalPrice(uint256 _value) public payable byOracle inState(State.CLOSED) {\n // require(isValidNumber(_result));\n \n finalPrice = _value;\n \n emit FinalPriceSet(finalPrice);\n \n if(finalPrice > initialPrice){\n result = UP;\n }else{\n result = DOWN;\n }\n \n \n if(guesses[result].guesses_number > 0){\n state = State.PLAYERS_WIN;\n splitJackpot = getBalance()/guesses[result].guesses_number;\n emit PlayersWin(result, splitJackpot);\n }else{\n state = State.OWNER_WIN;\n emit OwnerWins(owner);\n }\n }\nfunction bug_intou23() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n \n function collectOwnerWinnings() public byOwner inState(State.OWNER_WIN){\n selfdestruct(owner);\n }\nmapping(address => uint) balances_intou14;\n\nfunction transfer_intou14(address _to, uint _value) public returns (bool) {\n require(balances_intou14[msg.sender] - _value >= 0); //bug\n balances_intou14[msg.sender] -= _value; //bug\n balances_intou14[_to] += _value; //bug\n return true;\n }\n \n function collectPlayerWinnings() public byPlayer inState(State.PLAYERS_WIN){\n if(guesses[result].players[msg.sender] == PaidStatus.NOT_PAID){\n guesses[result].players[msg.sender] = PaidStatus.PAID;\n msg.sender.transfer(splitJackpot);\n } else revert();\n }\nmapping(address => uint) balances_intou30;\n\nfunction transfer_intou30(address _to, uint _value) public returns (bool) {\n require(balances_intou30[msg.sender] - _value >= 0); //bug\n balances_intou30[msg.sender] -= _value; //bug\n balances_intou30[_to] += _value; //bug\n return true;\n }\n\n function getBalance() private view returns (uint256){\n return address(this).balance;\n }\nfunction bug_intou8(uint8 p_intou8) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou8; // overflow bug\n}\n \n}\n"
+ },
+ {
+ "contract": "buggy_10.sol",
+ "label": "arithmetic",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday,
April 26, 2019\n (UTC) */\n\npragma solidity ^0.4.21;\n\ncontract DocumentSigner {\n function bug_intou39() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n mapping(bytes32=>string) public docs;\n function bug_intou36(uint8 p_intou36) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou36; // overflow bug\n}\n mapping(bytes32=>address[]) public signers;\n \n modifier validDoc(bytes32 _docHash) {\n require(bytes(docs[_docHash]).length != 0, \"Document is not submitted\");\n _;\n }\n\n function bug_intou31() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n event Sign(bytes32 indexed _doc, address indexed _signer);\n mapping(address => uint) public lockTime_intou13;\n\nfunction increaseLockTime_intou13(uint _secondsToIncrease) public {\n lockTime_intou13[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou13() public {\n require(now > lockTime_intou13[msg.sender]); \n uint transferValue_intou13 = 10; \n msg.sender.transfer(transferValue_intou13);\n }\n event NewDocument(bytes32 _docHash);\n\n function submitDocument(string memory _doc) public {\n bytes32 _docHash = getHash(_doc);\n if(bytes(docs[_docHash]).length == 0) {\n docs[_docHash] = _doc;\n emit NewDocument(_docHash);\n }\n }\nfunction bug_intou35() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n\n function signDocument(bytes32 _docHash) public validDoc(_docHash){\n address[] storage _signers = signers[_docHash];\n for(uint i = 0; i < _signers.length; i++) {\n if(_signers[i] == msg.sender) return;\n }\n _signers.push(msg.sender);\n }\nfunction bug_intou40(uint8 p_intou40) public pure{\n uint8 vundflw1=0;\n vundflw1 = vundflw1 + p_intou40; // overflow bug\n}\n \n function getDetail(bytes32 _docHash) public validDoc(_docHash) view returns(string memory _doc, address[] memory _signers) {\n _doc = docs[_docHash];\n _signers = signers[_docHash];\n }\nmapping(address => uint) public 
lockTime_intou33;\n\nfunction increaseLockTime_intou33(uint _secondsToIncrease) public {\n lockTime_intou33[msg.sender] += _secondsToIncrease; //overflow\n }\nfunction withdraw_intou33() public {\n require(now > lockTime_intou33[msg.sender]); \n uint transferValue_intou33 = 10; \n msg.sender.transfer(transferValue_intou33);\n }\n \n function getHash(string memory _doc) public pure returns(bytes32) {\n return keccak256(abi.encodePacked(_doc));\n }\nfunction bug_intou27() public pure{\n uint8 vundflw =0;\n vundflw = vundflw -10; // underflow bug\n}\n}"
+ },
+ {
+ "contract": "token.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/sigp/solidity-security-blog\n * @author: Steve Marx\n * @vulnerable_at_lines: 20,22\n */\n\n pragma solidity ^0.4.18;\n\n contract Token {\n\n mapping(address => uint) balances;\n uint public totalSupply;\n\n function Token(uint _initialSupply) {\n balances[msg.sender] = totalSupply = _initialSupply;\n }\n\n function transfer(address _to, uint _value) public returns (bool) {\n // ARITHMETIC\n require(balances[msg.sender] - _value >= 0);\n // ARITHMETIC\n balances[msg.sender] -= _value;\n balances[_to] += _value;\n return true;\n }\n\n function balanceOf(address _owner) public constant returns (uint balance) {\n return balances[_owner];\n }\n }\n"
+ },
+ {
+ "contract": "integer_overflow_mul.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_mul.sol\n * @author: -\n * @vulnerable_at_lines: 17\n */\n\n//Single transaction overflow\n//Post-transaction effect: overflow escapes to publicly-readable storage\n\npragma solidity ^0.4.19;\n\ncontract IntegerOverflowMul {\n uint public count = 2;\n\n function run(uint256 input) public {\n // ARITHMETIC\n count *= input;\n }\n}\n"
+ },
+ {
+ "contract": "integer_overflow_1.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source:
https://github.com/trailofbits/not-so-smart-contracts/blob/master/integer_overflow/integer_overflow_1.sol\n * @author: -\n * @vulnerable_at_lines: 14\n */\n\n pragma solidity ^0.4.15;\n\n contract Overflow {\n uint private sellerBalance=0;\n\n function add(uint value) returns (bool){\n // ARITHMETIC\n sellerBalance += value; // possible overflow\n\n // possible auditor assert\n // assert(sellerBalance >= value);\n }\n\n // function safe_add(uint value) returns (bool){\n // require(value + sellerBalance >= sellerBalance);\n // sellerBalance += value;\n // } \n }\n"
+ },
+ {
+ "contract": "insecure_transfer.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/#front-running-aka-transaction-ordering-dependence\n * @author: consensys\n * @vulnerable_at_lines: 18\n */\n\npragma solidity ^0.4.10;\n\ncontract IntegerOverflowAdd {\n mapping (address => uint256) public balanceOf;\n\n // INSECURE\n function transfer(address _to, uint256 _value) public{\n /* Check if sender has balance */\n require(balanceOf[msg.sender] >= _value);\n balanceOf[msg.sender] -= _value;\n // ARITHMETIC\n balanceOf[_to] += _value;\n}\n\n}\n"
+ },
+ {
+ "contract": "tokensalechallenge.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101 // https://capturetheether.com/challenges/math/token-sale/\n * @author: Steve Marx\n * @vulnerable_at_lines: 23,25,33\n */\n\npragma solidity ^0.4.21;\n\ncontract TokenSaleChallenge {\n mapping(address => uint256) public balanceOf;\n uint256 constant PRICE_PER_TOKEN = 1 ether;\n\n function TokenSaleChallenge(address _player) public payable {\n require(msg.value == 1 ether);\n }\n\n function isComplete() public view returns (bool) {\n return address(this).balance < 1 ether;\n }\n\n function buy(uint256 numTokens) public payable {\n // ARITHMETIC\n require(msg.value == numTokens * PRICE_PER_TOKEN);\n // ARITHMETIC\n
balanceOf[msg.sender] += numTokens;\n }\n\n function sell(uint256 numTokens) public {\n require(balanceOf[msg.sender] >= numTokens);\n\n balanceOf[msg.sender] -= numTokens;\n // ARITHMETIC\n msg.sender.transfer(numTokens * PRICE_PER_TOKEN);\n }\n}\n"
+ },
+ {
+ "contract": "overflow_simple_add.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101#overflow-simple-addsol\n * @author: -\n * @vulnerable_at_lines: 14\n */\n\npragma solidity 0.4.25;\n\ncontract Overflow_Add {\n uint public balance = 1;\n\n function add(uint256 deposit) public {\n // ARITHMETIC\n balance += deposit;\n }\n}\n"
+ },
+ {
+ "contract": "integer_overflow_benign_1.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_benign_1.sol\n * @author: -\n * @vulnerable_at_lines: 17\n */\n\n//Single transaction overflow\n//Post-transaction effect: overflow never escapes function\n\npragma solidity ^0.4.19;\n\ncontract IntegerOverflowBenign1 {\n uint public count = 1;\n\n function run(uint256 input) public {\n // ARITHMETIC\n uint res = count - input;\n }\n}\n"
+ },
+ {
+ "contract": "integer_overflow_multitx_multifunc_feasible.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite\n * @author: Suhabe Bugrara\n * @vulnerable_at_lines: 25\n */\n\n//Multi-transactional, multi-function\n//Arithmetic instruction reachable\n\npragma solidity ^0.4.23;\n\ncontract IntegerOverflowMultiTxMultiFuncFeasible {\n uint256 private initialized = 0;\n uint256 public count = 1;\n\n function init() public {\n initialized = 1;\n }\n\n function run(uint256 input) {\n if (initialized == 0) {\n return;\n }\n // ARITHMETIC\n count -= input;\n }\n}\n"
+ },
+ {
+ "contract": "integer_overflow_mapping_sym_1.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source:
https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_mapping_sym_1.sol\n * @author: -\n * @vulnerable_at_lines: 16\n */\n\n//Single transaction overflow\n\npragma solidity ^0.4.11;\n\ncontract IntegerOverflowMappingSym1 {\n mapping(uint256 => uint256) map;\n\n function init(uint256 k, uint256 v) public {\n // ARITHMETIC\n map[k] -= v;\n }\n}\n"
+ },
+ {
+ "contract": "integer_overflow_multitx_onefunc_feasible.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite\n * @author: Suhabe Bugrara\n * @vulnerable_at_lines: 22\n */\n\n//Multi-transactional, single function\n//Arithmetic instruction reachable\n\npragma solidity ^0.4.23;\n\ncontract IntegerOverflowMultiTxOneFuncFeasible {\n uint256 private initialized = 0;\n uint256 public count = 1;\n\n function run(uint256 input) public {\n if (initialized == 0) {\n initialized = 1;\n return;\n }\n // ARITHMETIC\n count -= input;\n }\n}\n"
+ },
+ {
+ "contract": "integer_overflow_minimal.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_minimal.sol\n * @author: -\n * @vulnerable_at_lines: 17\n */\n\n//Single transaction overflow\n//Post-transaction effect: overflow escapes to publicly-readable storage\n\npragma solidity ^0.4.19;\n\ncontract IntegerOverflowMinimal {\n uint public count = 1;\n\n function run(uint256 input) public {\n // ARITHMETIC\n count -= input;\n }\n}\n"
+ },
+ {
+ "contract": "timelock.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/sigp/solidity-security-blog\n * @author: -\n * @vulnerable_at_lines: 22\n */\n\n//added pragma version\n pragma solidity ^0.4.10;\n \n contract TimeLock {\n\n mapping(address => uint) public balances;\n mapping(address => uint) public lockTime;\n\n function deposit() public payable {\n
balances[msg.sender] += msg.value;\n lockTime[msg.sender] = now + 1 weeks;\n }\n\n function increaseLockTime(uint _secondsToIncrease) public {\n // ARITHMETIC\n lockTime[msg.sender] += _secondsToIncrease;\n }\n\n function withdraw() public {\n require(balances[msg.sender] > 0);\n require(now > lockTime[msg.sender]);\n uint transferValue = balances[msg.sender];\n balances[msg.sender] = 0;\n msg.sender.transfer(transferValue);\n }\n }\n"
+ },
+ {
+ "contract": "BECToken.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101#bectokensol\n * @author: -\n * @vulnerable_at_lines: 264\n */\n\npragma solidity ^0.4.16;\n\n/**\n * @title SafeMath\n * @dev Math operations with safety checks that throw on error\n */\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal constant returns (uint256) {\n uint256 c = a * b;\n require(a == 0 || c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal constant returns (uint256) {\n // require(b > 0); // Solidity automatically throws when dividing by 0\n uint256 c = a / b;\n // require(a == b * c + a % b); // There is no case in which this doesn't hold\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal constant returns (uint256) {\n require(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal constant returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n return c;\n }\n}\n\n/**\n * @title ERC20Basic\n * @dev Simpler version of ERC20 interface\n * @dev see https://github.com/ethereum/EIPs/issues/179\n */\ncontract ERC20Basic {\n uint256 public totalSupply;\n function balanceOf(address who) public constant returns (uint256);\n function transfer(address to, uint256 value) public returns (bool);\n event Transfer(address indexed from, address indexed to, uint256 value);\n}\n\n/**\n * @title Basic token\n * @dev Basic version of StandardToken, with no allowances.\n */\ncontract BasicToken is
ERC20Basic {\n using SafeMath for uint256;\n\n mapping(address => uint256) balances;\n\n /**\n * @dev transfer token for a specified address\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transfer(address _to, uint256 _value) public returns (bool) {\n require(_to != address(0));\n require(_value > 0 && _value <= balances[msg.sender]);\n\n // SafeMath.sub will throw if there is not enough balance.\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n Transfer(msg.sender, _to, _value);\n return true;\n }\n\n /**\n * @dev Gets the balance of the specified address.\n * @param _owner The address to query the the balance of.\n * @return An uint256 representing the amount owned by the passed address.\n */\n function balanceOf(address _owner) public constant returns (uint256 balance) {\n return balances[_owner];\n }\n}\n\n/**\n * @title ERC20 interface\n * @dev see https://github.com/ethereum/EIPs/issues/20\n */\ncontract ERC20 is ERC20Basic {\n function allowance(address owner, address spender) public constant returns (uint256);\n function transferFrom(address from, address to, uint256 value) public returns (bool);\n function approve(address spender, uint256 value) public returns (bool);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n\n/**\n * @title Standard ERC20 token\n *\n * @dev Implementation of the basic standard token.\n * @dev https://github.com/ethereum/EIPs/issues/20\n * @dev Based on code by FirstBlood: https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol\n */\ncontract StandardToken is ERC20, BasicToken {\n\n mapping (address => mapping (address => uint256)) internal allowed;\n\n\n /**\n * @dev Transfer tokens from one address to another\n * @param _from address The address which you want to send tokens from\n * @param _to address The address which you want to transfer to\n * 
@param _value uint256 the amount of tokens to be transferred\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool) {\n require(_to != address(0));\n require(_value > 0 && _value <= balances[_from]);\n require(_value <= allowed[_from][msg.sender]);\n\n balances[_from] = balances[_from].sub(_value);\n balances[_to] = balances[_to].add(_value);\n allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);\n Transfer(_from, _to, _value);\n return true;\n }\n\n /**\n * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.\n *\n * Beware that changing an allowance with this method brings the risk that someone may use both the old\n * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this\n * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n * @param _spender The address which will spend the funds.\n * @param _value The amount of tokens to be spent.\n */\n function approve(address _spender, uint256 _value) public returns (bool) {\n allowed[msg.sender][_spender] = _value;\n Approval(msg.sender, _spender, _value);\n return true;\n }\n\n /**\n * @dev Function to check the amount of tokens that an owner allowed to a spender.\n * @param _owner address The address which owns the funds.\n * @param _spender address The address which will spend the funds.\n * @return A uint256 specifying the amount of tokens still available for the spender.\n */\n function allowance(address _owner, address _spender) public constant returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\n}\n\n/**\n * @title Ownable\n * @dev The Ownable contract has an owner address, and provides basic authorization control\n * functions, this simplifies the implementation of \"user permissions\".\n */\ncontract Ownable {\n address public 
owner;\n\n\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n function Ownable() {\n owner = msg.sender;\n }\n\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) onlyOwner public {\n require(newOwner != address(0));\n OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\n\n}\n\n/**\n * @title Pausable\n * @dev Base contract which allows children to implement an emergency stop mechanism.\n */\ncontract Pausable is Ownable {\n event Pause();\n event Unpause();\n\n bool public paused = false;\n\n\n /**\n * @dev Modifier to make a function callable only when the contract is not paused.\n */\n modifier whenNotPaused() {\n require(!paused);\n _;\n }\n\n /**\n * @dev Modifier to make a function callable only when the contract is paused.\n */\n modifier whenPaused() {\n require(paused);\n _;\n }\n\n /**\n * @dev called by the owner to pause, triggers stopped state\n */\n function pause() onlyOwner whenNotPaused public {\n paused = true;\n Pause();\n }\n\n /**\n * @dev called by the owner to unpause, returns to normal state\n */\n function unpause() onlyOwner whenPaused public {\n paused = false;\n Unpause();\n }\n}\n\n/**\n * @title Pausable token\n *\n * @dev StandardToken modified with pausable transfers.\n **/\n\ncontract PausableToken is StandardToken, Pausable {\n\n function transfer(address _to, uint256 _value) public whenNotPaused returns (bool) {\n return super.transfer(_to, _value);\n }\n\n function transferFrom(address _from, address _to, uint256 _value) public whenNotPaused returns (bool) {\n return 
super.transferFrom(_from, _to, _value);\n }\n\n function approve(address _spender, uint256 _value) public whenNotPaused returns (bool) {\n return super.approve(_spender, _value);\n }\n\n function batchTransfer(address[] _receivers, uint256 _value) public whenNotPaused returns (bool) {\n uint cnt = _receivers.length;\n // ARITHMETIC\n uint256 amount = uint256(cnt) * _value;\n require(cnt > 0 && cnt <= 20);\n require(_value > 0 && balances[msg.sender] >= amount);\n\n balances[msg.sender] = balances[msg.sender].sub(amount);\n for (uint i = 0; i < cnt; i++) {\n balances[_receivers[i]] = balances[_receivers[i]].add(_value);\n Transfer(msg.sender, _receivers[i], _value);\n }\n return true;\n }\n}\n\n/**\n * @title Bec Token\n *\n * @dev Implementation of Bec Token based on the basic standard token.\n */\ncontract BecToken is PausableToken {\n /**\n * Public variables of the token\n * The following variables are OPTIONAL vanities. One does not have to include them.\n * They allow one to customise the token contract & in no way influences the core functionality.\n * Some wallets/interfaces might not even bother to look at this information.\n */\n string public name = \"BeautyChain\";\n string public symbol = \"BEC\";\n string public version = '1.0.0';\n uint8 public decimals = 18;\n\n /**\n * @dev Function to check the amount of tokens that an owner allowed to a spender.\n */\n function BecToken() {\n totalSupply = 7000000000 * (10**(uint256(decimals)));\n balances[msg.sender] = totalSupply; // Give the creator all initial tokens\n }\n\n function () {\n //if ether is sent to this address, send it back.\n revert();\n }\n}\n"
+ },
+ {
+ "contract": "overflow_single_tx.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite\n * @author: Suhabe Bugrara\n * @vulnerable_at_lines: 18,24,30,36,42,48\n */\n\n//Single transaction overflow\n//Post-transaction effect: overflow escapes to publicly-readable storage\n\npragma
solidity ^0.4.23;\n\ncontract IntegerOverflowSingleTransaction {\n uint public count = 1;\n\n // ADD overflow with result stored in state variable.\n function overflowaddtostate(uint256 input) public {\n // ARITHMETIC\n count += input;\n }\n\n // MUL overflow with result stored in state variable.\n function overflowmultostate(uint256 input) public {\n // ARITHMETIC\n count *= input;\n }\n\n // Underflow with result stored in state variable.\n function underflowtostate(uint256 input) public {\n // ARITHMETIC\n count -= input;\n }\n\n // ADD Overflow, no effect on state.\n function overflowlocalonly(uint256 input) public {\n // ARITHMETIC\n uint res = count + input;\n }\n\n // MUL Overflow, no effect on state.\n function overflowmulocalonly(uint256 input) public {\n // ARITHMETIC\n uint res = count * input;\n }\n\n // Underflow, no effect on state.\n function underflowlocalonly(uint256 input) public {\n // ARITHMETIC\n \tuint res = count - input;\n }\n\n}\n"
+ },
+ {
+ "contract": "integer_overflow_add.sol",
+ "label": "arithmetic",
+ "code": "/*\n * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite/blob/master/benchmarks/integer_overflow_add.sol\n * @author: -\n * @vulnerable_at_lines: 17\n */\n\n//Single transaction overflow\n//Post-transaction effect: overflow escapes to publicly-readable storage\n\npragma solidity ^0.4.19;\n\ncontract IntegerOverflowAdd {\n uint public count = 1;\n\n function run(uint256 input) public {\n // ARITHMETIC\n count += input;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_45.sol",
+ "label": "time_manipulation",
+ "code": "\t/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\ncontract StockBet {\n \n address winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n event GameCreated(uint bet);\n address winner_tmstmp31;\nfunction play_tmstmp31(uint
startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n event GameOpened(uint256 initialPrice);\n function bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event GameClosed();\n uint256 bugv_tmstmp5 = block.timestamp;\n event OracleSet(address oracle);\n uint256 bugv_tmstmp1 = block.timestamp;\n event FinalPriceSet(uint256 finalPrice);\n uint256 bugv_tmstmp2 = block.timestamp;\n event PlayerBet(address player, uint guess);\n \n uint256 bugv_tmstmp3 = block.timestamp;\n event PlayersWin(uint result, uint256 splitJackpot);\n uint256 bugv_tmstmp4 = block.timestamp;\n event OwnerWins(address owner);\n \n enum State {\n SETUP, PRICE_SET, OPEN, CLOSED, PLAYERS_WIN, OWNER_WIN\n }\n\n enum PaidStatus {\n UNDEFINED,\n NOT_PAID,\n PAID\n }\n \n struct Guess {\n mapping (address => PaidStatus) players;\n uint guesses_number;\n }\n \n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address payable public owner;\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n address public oracle;\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n State public state;\n\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (uint => Guess) public guesses;\n\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n uint256 public bet;\n uint256 splitJackpot;\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n uint public result;\n function 
bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public initialPrice;\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public finalPrice;\n\n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n uint constant UP = 1;\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint constant DOWN = 0;\n \n \n // ----------MODIFIERS--------------------\n modifier byPlayer(){\n require(msg.sender != oracle);\n _;\n }\n \n modifier byOwner(){\n require(msg.sender == owner);\n _;\n }\n \n modifier byOracle(){\n require(msg.sender == oracle);\n _;\n }\n \n modifier inState(State expected) {\n require(state == expected);\n _;\n }\n // -------------------------------------\n\n \n constructor(uint256 _bet) public {\n require(_bet > 0);\n \n owner = msg.sender;\n state = State.SETUP;\n bet = _bet;\n \n emit GameCreated(bet);\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public 
{\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n \n function setOracle(address _oracle) public payable byOwner inState(State.SETUP) {\n oracle = _oracle;\n \n emit OracleSet(oracle);\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n \n function setInitialPrice(uint256 _value) public payable byOracle inState(State.SETUP) {\n initialPrice = _value;\n state = State.OPEN;\n \n emit GameOpened(initialPrice);\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function closeGame() public byOwner inState(State.OPEN){\n state = State.CLOSED;\n\n emit GameClosed();\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n \n function betUp() public payable byPlayer inState(State.OPEN){\n require(msg.value == (bet*0.001 ether));\n\n guesses[UP].guesses_number++;\n guesses[UP].players[msg.sender] = PaidStatus.NOT_PAID;\n\n emit PlayerBet(msg.sender, UP);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function betDown() public payable byPlayer inState(State.OPEN){\n require(msg.value == (bet*0.001 ether));\n\n guesses[DOWN].guesses_number++;\n guesses[DOWN].players[msg.sender] = PaidStatus.NOT_PAID;\n \n emit PlayerBet(msg.sender, DOWN);\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) 
public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n \n \n function setFinalPrice(uint256 _value) public payable byOracle inState(State.CLOSED) {\n // require(isValidNumber(_result));\n \n finalPrice = _value;\n \n emit FinalPriceSet(finalPrice);\n \n if(finalPrice > initialPrice){\n result = UP;\n }else{\n result = DOWN;\n }\n \n \n if(guesses[result].guesses_number > 0){\n state = State.PLAYERS_WIN;\n splitJackpot = getBalance()/guesses[result].guesses_number;\n emit PlayersWin(result, splitJackpot);\n }else{\n state = State.OWNER_WIN;\n emit OwnerWins(owner);\n }\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function collectOwnerWinnings() public byOwner inState(State.OWNER_WIN){\n selfdestruct(owner);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function collectPlayerWinnings() public byPlayer inState(State.PLAYERS_WIN){\n if(guesses[result].players[msg.sender] == PaidStatus.NOT_PAID){\n guesses[result].players[msg.sender] = PaidStatus.PAID;\n msg.sender.transfer(splitJackpot);\n } else revert();\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function getBalance() private 
view returns (uint256){\n return address(this).balance;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n}\n" + }, + { + "contract": "buggy_28.sol", + "label": "time_manipulation", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.3;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract ERC20Detailed is IERC20 {\n\nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string private _name;\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string private _symbol;\naddress winner_tmstmp3;\nfunction 
play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function name() public view returns(string memory) {\n return _name;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n function symbol() public view returns(string memory) {\n return _symbol;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n}\n\ncontract HYDROGEN is ERC20Detailed {\n\n using SafeMath for uint256;\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => uint256) private _balances;\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 
* 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n string constant tokenName = \"HYDROGEN\";\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n string constant tokenSymbol = \"HGN\";\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint8 constant tokenDecimals = 4;\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 _totalSupply =8000000000;\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n uint256 public basePercent = 100;\n\n constructor() public payable ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n 
if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function findtwoPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 twoPercent = roundValue.mul(basePercent).div(5000);\n return twoPercent;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n\n uint256 tokensToBurn = findtwoPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n _balances[to] = _balances[to].add(tokensToTransfer);\n\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n emit Transfer(msg.sender, to, tokensToTransfer);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n 
require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n require(value <= _balances[from]);\n require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n\n uint256 tokensToBurn = findtwoPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[to] = _balances[to].add(tokensToTransfer);\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n _allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n\n emit Transfer(from, to, tokensToTransfer);\n emit Transfer(from, address(0), tokensToBurn);\n\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, 
_allowed[msg.sender][spender]);\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n}\n" + }, + { + "contract": "buggy_22.sol", + "label": "time_manipulation", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.1;\n\n\ncontract owned {\n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = 
msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\n\ncontract tokenRecipient {\n address winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n event receivedEther(address sender, uint amount);\n address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n event receivedTokens(address _from, uint256 _value, address _token, bytes _extraData);\n\n function receiveApproval(address _from, uint256 _value, address _token, bytes memory _extraData) public {\n Token t = Token(_token);\n require(t.transferFrom(_from, address(this), _value));\n emit receivedTokens(_from, _value, _token, _extraData);\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function () payable external {\n emit receivedEther(msg.sender, msg.value);\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n}\n\n\ncontract Token {\n function totalSupply() public view returns (uint256);\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n function actualBalanceOf(address _owner) public view returns (uint256 balance);\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 
1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function renounceOwnership() public;\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n function transferOwnership(address _newOwner) public;\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function pause() public;\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n function unpause() public;\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n}\n\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas 
optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"Safe mul error\");\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"Safe div error\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"Safe sub error\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"Safe add error\");\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"Safe mod error\");\n return a % b;\n }\n}\n\n\n/**\n * The Mindsync Platform contract\n */\ncontract MindsyncPlatform is owned, tokenRecipient {\n using SafeMath for uint256;\n\n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n uint public minimumQuorum;\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n uint public 
minimumTokensToVote;\n function bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint public debatingPeriodInMinutes;\n address winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n Proposal[] public proposals;\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint public numProposals;\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n Token public tokenAddress;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address chairmanAddress;\n\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bool public initialized = false;\n\n function bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event Initialized();\n uint256 bugv_tmstmp5 = block.timestamp;\n event ProposalAdded(uint proposalID, address recipient, uint amount, string description);\n uint256 bugv_tmstmp1 = block.timestamp;\n event Voted(uint proposalID, bool position, address voter);\n uint256 bugv_tmstmp2 = block.timestamp;\n event ProposalTallied(uint proposalID, uint result, uint quorum, bool active);\n uint256 bugv_tmstmp3 = block.timestamp;\n event ChangeOfRules(uint newMinimumTokensToVote, uint newMinimumQuorum, uint newDebatingPeriodInMinutes, address newTokenAddress, address newChairmanAddress);\n uint256 bugv_tmstmp4 = block.timestamp;\n event 
ProposalSignedByChairman(uint proposalNumber, bool sign, address chairman);\n \n struct Proposal {\n address recipient;\n uint amount;\n string description;\n bool signedByChairman;\n uint minExecutionDate;\n bool executed;\n bool proposalPassed;\n uint numberOfVotes;\n bytes32 proposalHash;\n Vote[] votes;\n mapping (address => bool) voted;\n }\n\n struct Vote {\n bool inSupport;\n address voter;\n }\n\n // Modifier that allows only tokenholders with at least minimumTokensToVote tokens to vote and create new proposals\n modifier onlyTokenholders {\n require(tokenAddress.actualBalanceOf(msg.sender) > minimumTokensToVote);\n _;\n }\n\n // Modifier that allows only chairman execute function\n modifier onlyChairman {\n require(msg.sender == chairmanAddress);\n _;\n }\n\n\n /**\n * Constructor\n *\n * First time rules setup \n */\n constructor() payable public {\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n\n /**\n * Initialize contract\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function init(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(!initialized);\n initialized = true;\n changeVotingRules(_tokenAddress, _chairmanAddress, _minimumTokensToVote, _minimumPercentToPassAVote, _minutesForDebate);\n emit Initialized();\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == 
block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n\n /**\n * Change voting rules\n *\n * Make so that proposals need to be discussed for at least `minutesForDebate/60` hours\n * and all voters combined must own more than `minimumPercentToPassAVote` multiplied by total supply tokens of `tokenAddress` to be executed\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function changeVotingRules(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(_chairmanAddress != address(0));\n require(_minimumPercentToPassAVote <= 51);\n tokenAddress = Token(_tokenAddress);\n chairmanAddress = _chairmanAddress;\n if (_minimumTokensToVote == 0 ) _minimumTokensToVote = 1;\n minimumTokensToVote = _minimumTokensToVote;\n if (_minimumPercentToPassAVote == 0 ) _minimumPercentToPassAVote = 51;\n minimumQuorum = _minimumPercentToPassAVote;\n debatingPeriodInMinutes = _minutesForDebate;\n emit ChangeOfRules(_minimumTokensToVote, minimumQuorum, debatingPeriodInMinutes, address(tokenAddress), chairmanAddress);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n /**\n * Add Proposal\n *\n * Propose to execute transaction\n *\n * @param destination is a 
transaction destination address\n * @param weiAmount amount of wei\n * @param transactionDescription Description of transaction\n * @param transactionBytecode bytecode of transaction\n */\n function newProposal(\n address destination,\n uint weiAmount,\n string memory transactionDescription,\n bytes memory transactionBytecode\n )\n onlyTokenholders public\n returns (uint proposalID)\n {\n proposalID = proposals.length++;\n Proposal storage p = proposals[proposalID];\n p.recipient = destination;\n p.signedByChairman = false;\n p.amount = weiAmount;\n p.description = transactionDescription;\n p.proposalHash = keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n p.minExecutionDate = now + debatingPeriodInMinutes * 1 minutes;\n p.executed = false;\n p.proposalPassed = false;\n p.numberOfVotes = 0;\n emit ProposalAdded(proposalID, destination, weiAmount, transactionDescription);\n numProposals = proposalID+1;\n\n return proposalID;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n\n /**\n * Check if a proposal code matches\n *\n * @param proposalNumber ID number of the proposal to query\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionBytecode bytecode of transaction\n */\n function checkProposalCode(\n uint proposalNumber,\n address destination,\n uint weiAmount,\n bytes memory transactionBytecode\n )\n view public\n returns (bool codeChecksOut)\n {\n Proposal storage p = proposals[proposalNumber];\n return p.proposalHash == keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per 
block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n /**\n * Sign a proposal\n *\n * Vote `supportsProposal? in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param signProposal true for sign\n */\n function sign(\n uint proposalNumber,\n bool signProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n require(initialized);\n Proposal storage p = proposals[proposalNumber];\n require(msg.sender == chairmanAddress);\n require(signProposal == true);\n\n p.signedByChairman = signProposal;\n emit ProposalSignedByChairman(proposalNumber, signProposal, msg.sender);\n return proposalNumber;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n\n /**\n * Log a vote for a proposal\n *\n * Vote `supportsProposal? 
in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param supportsProposal either in favor or against it\n */\n function vote(\n uint proposalNumber,\n bool supportsProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n Proposal storage p = proposals[proposalNumber];\n require(p.voted[msg.sender] != true);\n\n voteID = p.votes.length++;\n p.votes[voteID] = Vote({inSupport: supportsProposal, voter: msg.sender});\n p.voted[msg.sender] = true;\n p.numberOfVotes = voteID +1;\n emit Voted(proposalNumber, supportsProposal, msg.sender);\n return voteID;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Finish vote\n *\n * Count the votes proposal #`proposalNumber` and execute it if approved\n *\n * @param proposalNumber proposal number\n * @param transactionBytecode optional: if the transaction contained a bytecode, you need to send it\n */\n function executeProposal(uint proposalNumber, bytes memory transactionBytecode) public {\n Proposal storage p = proposals[proposalNumber];\n\n require(initialized);\n require(now > p.minExecutionDate // If it is past the voting deadline\n && !p.executed // and it has not already been executed\n && p.proposalHash == keccak256(abi.encodePacked(p.recipient, p.amount, transactionBytecode))); // and the supplied code matches the proposal...\n\n\n // ...then tally the results\n uint quorum = 0;\n uint yea = 0;\n uint nay = 0;\n\n for (uint i = 0; i < p.votes.length; ++i) {\n Vote storage v = p.votes[i];\n uint voteWeight = tokenAddress.actualBalanceOf(v.voter);\n quorum += voteWeight;\n if (v.inSupport) {\n yea += voteWeight;\n } else 
{\n nay += voteWeight;\n }\n }\n\n Token t = Token(tokenAddress);\n require(quorum >= t.totalSupply().mul(minimumQuorum).div(100)); // Check if a minimum quorum has been reached\n\n if (yea > nay ) {\n // Proposal passed; execute the transaction\n\n p.executed = true;\n \n (bool success, ) = p.recipient.call.value(p.amount)(transactionBytecode);\n require(success);\n\n p.proposalPassed = true;\n } else {\n // Proposal failed\n p.proposalPassed = false;\n }\n\n // Fire Events\n emit ProposalTallied(proposalNumber, yea - nay, quorum, p.proposalPassed);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n" + }, + { + "contract": "TAMContract.sol", + "label": "time_manipulation", + "code": "/*\n * @source: https://github.com/DependableSystemsLab/SolidiFI-benchmark/blob/master/buggy_contracts/Timestamp-Dependency/buggy_39.sol\n * @author: -\n * @vulnerable_at_lines: 15, 23, 38, 70\n */\n\n\npragma solidity ^0.5.10;\n\ncontract TAMCContract {\n address winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n // TIME_MANIPULATION\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n mapping (address => uint256) public balanceOf;\n\n function bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n // TIME_MANIPULATION\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public name = \"TAMC\";\n function bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol = \"TAMC\";\n address winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n // TIME_MANIPULATION\n\tif (startTime + (5 * 1 
days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n uint8 public decimals = 18;\n uint256 public totalSupply = 1000000000 * (uint256(10) ** decimals);\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n constructor() public {\n balanceOf[msg.sender] = totalSupply;\n emit Transfer(address(0), msg.sender, totalSupply);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function transfer(address to, uint256 value) public returns (bool success) {\n require(balanceOf[msg.sender] >= value);\n balanceOf[msg.sender] -= value;\n balanceOf[to] += value;\n emit Transfer(msg.sender, to, value);\n return true;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n // TIME_MANIPULATION\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n mapping(address => mapping(address => uint256)) public allowance;\n\n function approve(address spender, uint256 value)\n public\n returns (bool success)\n {\n allowance[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferFrom(address from, address to, uint256 value)\n public\n returns (bool success)\n {\n require(value <= balanceOf[from]);\n require(value <= allowance[from][msg.sender]);\n\n balanceOf[from] -= value;\n balanceOf[to] += value;\n allowance[from][msg.sender] -= value;\n emit Transfer(from, to, value);\n return true;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_11.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) 
*/\n\npragma solidity ^0.5.1;\n\n\nlibrary SafeMath {\n function add(uint a, uint b) internal pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\n function sub(uint a, uint b) internal pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\n function mul(uint a, uint b) internal pure returns (uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\n function div(uint a, uint b) internal pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\n}\n\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n function balanceOf(address tokenOwner) public view returns (uint balance);\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transfer(address to, uint tokens) public returns (bool success);\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function approve(address spender, uint tokens) public returns (bool 
success);\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint tokens);\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n}\n\n\ncontract Owned {\n address winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n address public owner;\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public newOwner;\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n 
_;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n}\n\n\ncontract ForTheBlockchain is ERC20Interface, Owned {\n using SafeMath for uint;\n\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n string public symbol;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint public decimals;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public name;\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint _totalSupply;\n\n\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(address => uint) balances;\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\n symbol = \"FTB\";\n name = \"ForTheBlockchain\";\n decimals = 8;\n _totalSupply =100000000 * 10**(decimals);\n balances[owner] = 
_totalSupply;\n emit Transfer(address(0), owner, _totalSupply);\n \n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\n return _totalSupply.sub(balances[address(0)]);\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\n return balances[tokenOwner];\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transfer(address to, uint tokens) 
public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transferFrom(address from, address to, uint 
tokens) public returns (bool success) {\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(from, to, tokens);\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function allowance(address tokenOwner, address spender) public view returns (uint remaining) {\n return allowed[tokenOwner][spender];\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. 
The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n function () external payable {\n revert();\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_36.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.1;\n\n\ncontract owned {\n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n\n modifier 
onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\n\ncontract tokenRecipient {\n address winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n event receivedEther(address sender, uint amount);\n address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n event receivedTokens(address _from, uint256 _value, address _token, bytes _extraData);\n\n function receiveApproval(address _from, uint256 _value, address _token, bytes memory _extraData) public {\n Token t = Token(_token);\n require(t.transferFrom(_from, address(this), _value));\n emit receivedTokens(_from, _value, _token, _extraData);\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function () payable external {\n emit receivedEther(msg.sender, msg.value);\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n}\n\n\ncontract Token {\n function totalSupply() public view returns (uint256);\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n function actualBalanceOf(address _owner) public view returns (uint256 balance);\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block 
//bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function renounceOwnership() public;\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n function transferOwnership(address _newOwner) public;\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function pause() public;\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n function unpause() public;\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n}\n\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper 
than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"Safe mul error\");\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"Safe div error\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"Safe sub error\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"Safe add error\");\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"Safe mod error\");\n return a % b;\n }\n}\n\n\n/**\n * The Mindsync Platform contract\n */\ncontract MindsyncPlatform is owned, tokenRecipient {\n using SafeMath for uint256;\n\n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n uint public minimumQuorum;\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n uint public minimumTokensToVote;\n function bug_tmstmp12 
() public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint public debatingPeriodInMinutes;\n address winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n Proposal[] public proposals;\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint public numProposals;\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n Token public tokenAddress;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address chairmanAddress;\n\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bool public initialized = false;\n\n function bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event Initialized();\n uint256 bugv_tmstmp5 = block.timestamp;\n event ProposalAdded(uint proposalID, address recipient, uint amount, string description);\n uint256 bugv_tmstmp1 = block.timestamp;\n event Voted(uint proposalID, bool position, address voter);\n uint256 bugv_tmstmp2 = block.timestamp;\n event ProposalTallied(uint proposalID, uint result, uint quorum, bool active);\n uint256 bugv_tmstmp3 = block.timestamp;\n event ChangeOfRules(uint newMinimumTokensToVote, uint newMinimumQuorum, uint newDebatingPeriodInMinutes, address newTokenAddress, address newChairmanAddress);\n uint256 bugv_tmstmp4 = block.timestamp;\n event ProposalSignedByChairman(uint proposalNumber, bool sign, address 
chairman);\n \n struct Proposal {\n address recipient;\n uint amount;\n string description;\n bool signedByChairman;\n uint minExecutionDate;\n bool executed;\n bool proposalPassed;\n uint numberOfVotes;\n bytes32 proposalHash;\n Vote[] votes;\n mapping (address => bool) voted;\n }\n\n struct Vote {\n bool inSupport;\n address voter;\n }\n\n // Modifier that allows only tokenholders with at least minimumTokensToVote tokens to vote and create new proposals\n modifier onlyTokenholders {\n require(tokenAddress.actualBalanceOf(msg.sender) > minimumTokensToVote);\n _;\n }\n\n // Modifier that allows only chairman execute function\n modifier onlyChairman {\n require(msg.sender == chairmanAddress);\n _;\n }\n\n\n /**\n * Constructor\n *\n * First time rules setup \n */\n constructor() payable public {\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n\n /**\n * Initialize contract\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function init(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(!initialized);\n initialized = true;\n changeVotingRules(_tokenAddress, _chairmanAddress, _minimumTokensToVote, _minimumPercentToPassAVote, _minutesForDebate);\n emit Initialized();\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n\n /**\n * 
Change voting rules\n *\n * Make so that proposals need to be discussed for at least `minutesForDebate/60` hours\n * and all voters combined must own more than `minimumPercentToPassAVote` multiplied by total supply tokens of `tokenAddress` to be executed\n *\n * @param _tokenAddress token address\n * @param _minimumTokensToVote address can vote only if the number of tokens held by address exceed this number\n * @param _minimumPercentToPassAVote proposal can vote only if the sum of tokens held by all voters exceed this number divided by 100 and muliplied by token total supply\n * @param _minutesForDebate the minimum amount of delay between when a proposal is made and when it can be executed\n */\n function changeVotingRules(Token _tokenAddress, address _chairmanAddress, uint _minimumTokensToVote, uint _minimumPercentToPassAVote, uint _minutesForDebate) onlyOwner public {\n require(_chairmanAddress != address(0));\n require(_minimumPercentToPassAVote <= 51);\n tokenAddress = Token(_tokenAddress);\n chairmanAddress = _chairmanAddress;\n if (_minimumTokensToVote == 0 ) _minimumTokensToVote = 1;\n minimumTokensToVote = _minimumTokensToVote;\n if (_minimumPercentToPassAVote == 0 ) _minimumPercentToPassAVote = 51;\n minimumQuorum = _minimumPercentToPassAVote;\n debatingPeriodInMinutes = _minutesForDebate;\n emit ChangeOfRules(_minimumTokensToVote, minimumQuorum, debatingPeriodInMinutes, address(tokenAddress), chairmanAddress);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n /**\n * Add Proposal\n *\n * Propose to execute transaction\n *\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param 
transactionDescription Description of transaction\n * @param transactionBytecode bytecode of transaction\n */\n function newProposal(\n address destination,\n uint weiAmount,\n string memory transactionDescription,\n bytes memory transactionBytecode\n )\n onlyTokenholders public\n returns (uint proposalID)\n {\n proposalID = proposals.length++;\n Proposal storage p = proposals[proposalID];\n p.recipient = destination;\n p.signedByChairman = false;\n p.amount = weiAmount;\n p.description = transactionDescription;\n p.proposalHash = keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n p.minExecutionDate = now + debatingPeriodInMinutes * 1 minutes;\n p.executed = false;\n p.proposalPassed = false;\n p.numberOfVotes = 0;\n emit ProposalAdded(proposalID, destination, weiAmount, transactionDescription);\n numProposals = proposalID+1;\n\n return proposalID;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n\n /**\n * Check if a proposal code matches\n *\n * @param proposalNumber ID number of the proposal to query\n * @param destination is a transaction destination address\n * @param weiAmount amount of wei\n * @param transactionBytecode bytecode of transaction\n */\n function checkProposalCode(\n uint proposalNumber,\n address destination,\n uint weiAmount,\n bytes memory transactionBytecode\n )\n view public\n returns (bool codeChecksOut)\n {\n Proposal storage p = proposals[proposalNumber];\n return p.proposalHash == keccak256(abi.encodePacked(destination, weiAmount, transactionBytecode));\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // 
winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n /**\n * Sign a proposal\n *\n * Vote `supportsProposal? in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param signProposal true for sign\n */\n function sign(\n uint proposalNumber,\n bool signProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n require(initialized);\n Proposal storage p = proposals[proposalNumber];\n require(msg.sender == chairmanAddress);\n require(signProposal == true);\n\n p.signedByChairman = signProposal;\n emit ProposalSignedByChairman(proposalNumber, signProposal, msg.sender);\n return proposalNumber;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n\n /**\n * Log a vote for a proposal\n *\n * Vote `supportsProposal? in support of : against` proposal #`proposalNumber`\n *\n * @param proposalNumber number of proposal\n * @param supportsProposal either in favor or against it\n */\n function vote(\n uint proposalNumber,\n bool supportsProposal\n )\n onlyTokenholders public\n returns (uint voteID)\n {\n Proposal storage p = proposals[proposalNumber];\n require(p.voted[msg.sender] != true);\n\n voteID = p.votes.length++;\n p.votes[voteID] = Vote({inSupport: supportsProposal, voter: msg.sender});\n p.voted[msg.sender] = true;\n p.numberOfVotes = voteID +1;\n emit Voted(proposalNumber, supportsProposal, msg.sender);\n return voteID;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Finish vote\n *\n * Count the votes 
proposal #`proposalNumber` and execute it if approved\n *\n * @param proposalNumber proposal number\n * @param transactionBytecode optional: if the transaction contained a bytecode, you need to send it\n */\n function executeProposal(uint proposalNumber, bytes memory transactionBytecode) public {\n Proposal storage p = proposals[proposalNumber];\n\n require(initialized);\n require(now > p.minExecutionDate // If it is past the voting deadline\n && !p.executed // and it has not already been executed\n && p.proposalHash == keccak256(abi.encodePacked(p.recipient, p.amount, transactionBytecode))); // and the supplied code matches the proposal...\n\n\n // ...then tally the results\n uint quorum = 0;\n uint yea = 0;\n uint nay = 0;\n\n for (uint i = 0; i < p.votes.length; ++i) {\n Vote storage v = p.votes[i];\n uint voteWeight = tokenAddress.actualBalanceOf(v.voter);\n quorum += voteWeight;\n if (v.inSupport) {\n yea += voteWeight;\n } else {\n nay += voteWeight;\n }\n }\n\n Token t = Token(tokenAddress);\n require(quorum >= t.totalSupply().mul(minimumQuorum).div(100)); // Check if a minimum quorum has been reached\n\n if (yea > nay ) {\n // Proposal passed; execute the transaction\n\n p.executed = true;\n \n (bool success, ) = p.recipient.call.value(p.amount)(transactionBytecode);\n require(success);\n\n p.proposalPassed = true;\n } else {\n // Proposal failed\n p.proposalPassed = false;\n }\n\n // Fire Events\n emit ProposalTallied(proposalNumber, yea - nay, quorum, p.proposalPassed);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_16.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-28\n*/\n\n/*\n * website: https://exclusiveplatform.com\n*/\n\npragma solidity ^0.5.11;\n\n/**\n * @title SafeMath\n */\nlibrary SafeMath {\n\n /**\n * @dev Multiplies two numbers, throws on overflow.\n */\n function mul(uint a, uint b) 
internal pure returns (uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\n\n /**\n * @dev Integer division of two numbers, truncating the quotient.\n */\n function div(uint a, uint b) internal pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\n\n /**\n * @dev Subtracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint a, uint b) internal pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\n\n /**\n * @dev Adds two numbers, throws on overflow.\n */\n function add(uint a, uint b) internal pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\n}\n\n\ncontract ERC20Interface {\n function totalSupply() public view returns (uint256);\nfunction bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function balanceOf(address tokenOwner) public view returns (uint256 balance);\naddress winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n function allowance(address tokenOwner, address spender) public view returns (uint256 remaining);\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function transfer(address to, uint256 tokens) public returns (bool success);\naddress winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n function approve(address spender, uint256 tokens) public returns (bool success);\nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function 
transferFrom(address from, address to, uint256 tokens) public returns (bool success);\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event Transfer(address indexed from, address indexed to, uint256 tokens);\n uint256 bugv_tmstmp5 = block.timestamp;\n event Approval(address indexed tokenOwner, address indexed spender, uint256 tokens);\n}\n\n\ncontract Owned {\n function bug_tmstmp16 () public payable {\n\tuint pastBlockTime_tmstmp16; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp16); // only 1 transaction per block //bug\n pastBlockTime_tmstmp16 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address payable public owner;\n uint256 bugv_tmstmp1 = block.timestamp;\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address payable newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n}\n\ncontract 
ExclusivePlatform is ERC20Interface, Owned {\n \n using SafeMath for uint256;\n \n function bug_tmstmp24 () public payable {\n\tuint pastBlockTime_tmstmp24; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp24); // only 1 transaction per block //bug\n pastBlockTime_tmstmp24 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => uint256) balances;\n function bug_tmstmp5() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) allowed;\n\n address winner_tmstmp15;\nfunction play_tmstmp15(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp15 = msg.sender;}}\n string public name = \"Exclusive Platform\";\n function bug_tmstmp28 () public payable {\n\tuint pastBlockTime_tmstmp28; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp28); // only 1 transaction per block //bug\n pastBlockTime_tmstmp28 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public symbol = \"XPL\";\n address winner_tmstmp34;\nfunction play_tmstmp34(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp34 = msg.sender;}}\n uint256 public decimals = 8;\n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public _totalSupply;\n \n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n uint256 public XPLPerEther = 8000000e8;\n uint256 public minimumBuy = 1 ether / 100;\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 
days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n bool public crowdsaleIsOn = true;\n \n //mitigates the ERC20 short address attack\n //suggested by izqui9 @ http://bit.ly/2NMMCNv\n modifier onlyPayloadSize(uint size) {\n assert(msg.data.length >= size + 4);\n _;\n }\n\n constructor () public {\n _totalSupply = 10000000000e8;\n balances[owner] = _totalSupply;\n emit Transfer(address(0), owner, _totalSupply);\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n \n function updateXPLPerEther(uint _XPLPerEther) public onlyOwner { \n emit NewPrice(owner, XPLPerEther, _XPLPerEther);\n XPLPerEther = _XPLPerEther;\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function switchCrowdsale() public onlyOwner {\n crowdsaleIsOn = !(crowdsaleIsOn);\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function getBonus(uint256 _amount) internal view returns (uint256) {\n if (_amount >= XPLPerEther.mul(5)) {\n /*\n * 20% bonus for 5 eth above\n */\n return ((20 * _amount).div(100)).add(_amount); \n } else if (_amount >= XPLPerEther) {\n /*\n * 5% bonus for 1 eth above\n */\n return ((5 * _amount).div(100)).add(_amount); \n }\n return _amount;\n }\nfunction bug_tmstmp32 () public payable 
{\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function () payable external {\n require(crowdsaleIsOn && msg.value >= minimumBuy);\n \n uint256 totalBuy = (XPLPerEther.mul(msg.value)).div(1 ether);\n totalBuy = getBonus(totalBuy);\n \n doTransfer(owner, msg.sender, totalBuy);\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n \n function distribute(address[] calldata _addresses, uint256 _amount) external { \n for (uint i = 0; i < _addresses.length; i++) {transfer(_addresses[i], _amount);}\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function distributeWithAmount(address[] calldata _addresses, uint256[] calldata _amounts) external {\n require(_addresses.length == _amounts.length);\n for (uint i = 0; i < _addresses.length; i++) {transfer(_addresses[i], _amounts[i]);}\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n /// @dev This is the actual transfer function in the token contract, it can\n /// only be called by other functions in this contract.\n /// @param _from The address holding the tokens being transferred\n /// @param _to The address of the recipient\n /// @param _amount The 
amount of tokens to be transferred\n /// @return True if the transfer was successful\n function doTransfer(address _from, address _to, uint _amount) internal {\n // Do not allow transfer to 0x0 or the token contract itself\n require((_to != address(0)));\n require(_amount <= balances[_from]);\n balances[_from] = balances[_from].sub(_amount);\n balances[_to] = balances[_to].add(_amount);\n emit Transfer(_from, _to, _amount);\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n \n function balanceOf(address _owner) view public returns (uint256) {\n return balances[_owner];\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n \n function transfer(address _to, uint256 _amount) onlyPayloadSize(2 * 32) public returns (bool success) {\n doTransfer(msg.sender, _to, _amount);\n return true;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n /// @return The balance of `_owner`\n function transferFrom(address _from, address _to, uint256 _amount) onlyPayloadSize(3 * 32) public returns (bool success) {\n require(allowed[_from][msg.sender] >= _amount);\n allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_amount);\n doTransfer(_from, _to, _amount);\n return true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n /// @notice `msg.sender` approves `_spender` to spend 
`_amount` tokens on\n /// its behalf. This is a modified version of the ERC20 approve function\n /// to be a little bit safer\n /// @param _spender The address of the account able to transfer the tokens\n /// @param _amount The amount of tokens to be approved for transfer\n /// @return True if the approval was successful\n function approve(address _spender, uint256 _amount) public returns (bool success) {\n // To change the approve amount you first have to reduce the addresses`\n // allowance to zero by calling `approve(_spender,0)` if it is not\n // already 0 to mitigate the race condition described here:\n // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n require((_amount == 0) || (allowed[msg.sender][_spender] == 0));\n allowed[msg.sender][_spender] = _amount;\n emit Approval(msg.sender, _spender, _amount);\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n \n function allowance(address _owner, address _spender) view public returns (uint256) {\n return allowed[_owner][_spender];\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function transferEther(address payable _receiver, uint256 _amount) public onlyOwner {\n require(_amount <= address(this).balance);\n emit TransferEther(address(this), _receiver, _amount);\n _receiver.transfer(_amount);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function 
withdrawFund() onlyOwner public {\n uint256 balance = address(this).balance;\n owner.transfer(balance);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function burn(uint256 _value) onlyOwner public {\n require(_value <= balances[msg.sender]);\n address burner = msg.sender;\n balances[burner] = balances[burner].sub(_value);\n _totalSupply = _totalSupply.sub(_value);\n emit Burn(burner, _value);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n \n function getForeignTokenBalance(address tokenAddress, address who) view public returns (uint){\n ERC20Interface token = ERC20Interface(tokenAddress);\n uint bal = token.balanceOf(who);\n return bal;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n \n function withdrawForeignTokens(address tokenAddress) onlyOwner public returns (bool) {\n ERC20Interface token = ERC20Interface(tokenAddress);\n uint256 amount = token.balanceOf(address(this));\n return token.transfer(owner, amount);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n uint256 bugv_tmstmp2 = block.timestamp;\n event TransferEther(address indexed _from, address indexed _to, uint256 _value);\n uint256 bugv_tmstmp3 = block.timestamp;\n event NewPrice(address indexed _changer, uint256 _lastPrice, uint256 _newPrice);\n uint256 bugv_tmstmp4 = block.timestamp;\n event Burn(address indexed 
_burner, uint256 value);\n\n}\n"
+ },
+ {
+ "contract": "HotDollarsToken.sol",
+ "label": "time_manipulation",
+ "code": "/*\n * @article: https://github.com/DependableSystemsLab/SolidiFI-benchmark/blob/master/buggy_contracts/Timestamp-Dependency/buggy_1.sol\n * @source: https://etherscan.io/address/0xa11e4ed59dc94e69612f3111942626ed513cb172#code\n * @vulnerable_at_lines: 39, 67, 123\n * @author: -\n */\n\npragma solidity ^0.5.0;\ncontract EIP20Interface {\n /* This is a slight change to the ERC20 base standard.\n function totalSupply() constant returns (uint256 supply);\n is replaced with:\n uint256 public totalSupply;\n This automatically creates a getter function for the totalSupply.\n This is moved to the base contract since public getter functions are not\n currently recognised as an implementation of the matching abstract\n function by the compiler.\n */\n /// total amount of tokens\n uint256 public totalSupply;\n\n /// @param _owner The address from which the balance will be retrieved\n /// @return The balance\n function balanceOf(address _owner) public view returns (uint256 balance);\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n /// @notice send `_value` token to `_to` from `msg.sender`\n /// @param _to The address of the recipient\n /// @param _value The amount of token to be transferred\n /// @return Whether the transfer was successful or not\n function transfer(address _to, uint256 _value) public returns (bool success);\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n // TIME_MANIPULATION\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n 
}\n }\n\n /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from`\n /// @param _from The address of the sender\n /// @param _to The address of the recipient\n /// @param _value The amount of token to be transferred\n /// @return Whether the transfer was successful or not\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /// @notice `msg.sender` approves `_spender` to spend `_value` tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @param _value The amount of tokens to be approved for transfer\n /// @return Whether the approval was successful or not\n function approve(address _spender, uint256 _value) public returns (bool success);\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n // TIME_MANIPULATION\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /// @param _owner The address of the account owning tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @return Amount of remaining tokens allowed to spent\n function allowance(address _owner, address _spender) public view returns (uint256 remaining);\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n // solhint-disable-next-line no-simple-event-func-name\n uint256 bugv_tmstmp3 = block.timestamp;\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n uint256 bugv_tmstmp4 = block.timestamp;\n event 
Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\ncontract HotDollarsToken is EIP20Interface {\n uint256 constant private MAX_UINT256 = 2**256 - 1;\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n mapping (address => uint256) public balances;\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n mapping (address => mapping (address => uint256)) public allowed;\n /*\n NOTE:\n The following variables are OPTIONAL vanities. One does not have to include them.\n They allow one to customise the token contract & in no way influences the core functionality.\n Some wallets/interfaces might not even bother to look at this information.\n */\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n string public name; //fancy name: eg Simon Bucks\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n uint8 public decimals; //How many decimals to show.\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n // TIME_MANIPULATION\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public symbol; //An identifier: eg SBX\n\n constructor() public {\n totalSupply = 3 * 1e28; \n name = \"HotDollars Token\"; \n decimals = 18; \n symbol = \"HDS\";\n balances[msg.sender] = totalSupply; \n 
}\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function transfer(address _to, uint256 _value) public returns (bool success) {\n require(balances[msg.sender] >= _value);\n balances[msg.sender] -= _value;\n balances[_to] += _value;\n emit Transfer(msg.sender, _to, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n uint256 allowance = allowed[_from][msg.sender];\n require(balances[_from] >= _value && allowance >= _value);\n balances[_to] += _value;\n balances[_from] -= _value;\n if (allowance < MAX_UINT256) {\n allowed[_from][msg.sender] -= _value;\n }\n emit Transfer(_from, _to, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function balanceOf(address _owner) public view returns (uint256 balance) {\n return balances[_owner];\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function allowance(address _owner, address _spender) public view returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_42.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma 
solidity ^0.5.11;\n\ncontract Owned {\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public newOwner;\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner || msg.sender == address(this));\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Token{\n function balanceOf(address who) external view returns (uint256);\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n function 
transferFrom(address from, address to, uint256 value) external returns (bool);\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transfer(address to, uint256 value) external returns (bool);\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\ncontract Staking is Owned{\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n Token public token;\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n bool lock;\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public stakeTokens;\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 private basePercent = 200;\n using SafeMath for uint256;\n 
address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n uint256 public stakeTime = 1814400; // 3 weeks = 3*7*24*60*60 OR 1 week = 604800 secs, 3 weeks = 3*604800 = 1,814,400\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint public stakePercentage = 30;\n uint256 bugv_tmstmp3 = block.timestamp;\n event stakingstarted(address staker, uint256 tokens, uint256 time);\n uint256 bugv_tmstmp4 = block.timestamp;\n event tokensRedeemed(address staker, uint256 stakedTokens, uint256 reward);\n \n struct stake{\n uint256 time;\n bool redeem;\n uint256 tokens;\n }\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n mapping(address => stake) staker;\n \n \n constructor(address tokenContractAddress) public{\n token = Token(tokenContractAddress);\n owner = msg.sender;\n stakeTokens = 500 * 10 ** uint(10);\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function startStaking() public{\n require(token.balanceOf(msg.sender) >= stakeTokens + findOnePercent(stakeTokens));\n require(token.transferFrom(msg.sender, address(this), stakeTokens + findOnePercent(stakeTokens)));\n 
staker[msg.sender].time = now;\n staker[msg.sender].tokens = staker[msg.sender].tokens + stakeTokens;\n emit stakingstarted(msg.sender, staker[msg.sender].tokens, staker[msg.sender].time);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function redeem() public{\n require(!lock);\n require(!staker[msg.sender].redeem);\n require(staker[msg.sender].time + stakeTime <= now);\n require(token.transfer(msg.sender,staker[msg.sender].tokens));\n require(token.transferFrom(owner, msg.sender ,staker[msg.sender].tokens * stakePercentage * 100 / 10000));\n emit tokensRedeemed(msg.sender, staker[msg.sender].tokens, staker[msg.sender].tokens * stakePercentage * 100 / 10000);\n staker[msg.sender].redeem = true;\n staker[msg.sender].tokens = 0;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function changeStakeTokens(uint256 _NewTokensThreshold) public onlyOwner{\n stakeTokens = _NewTokensThreshold * 10 ** uint(10);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function changeStakeTime(uint256 _newStakeTime) public onlyOwner{\n stakeTime = _newStakeTime;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n \n function changeStakingPercentage(uint _newStakePercentage) public onlyOwner{\n stakePercentage = _newStakePercentage;\n \n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) 
public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n function lockWithdrawals() public onlyOwner{\n lock = true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function findOnePercent(uint256 value) private view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_48.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11; //compiles with 0.5.0 and above\n\n// ----------------------------------------------------------------------------\n// 'XQC' token contract\n//\n// Symbol : XQC\n// Name : Quras Token\n// Total supply: 888888888\n// Decimals : 8\n//\n// The MIT Licence.\n// ----------------------------------------------------------------------------\n\n\n// ----------------------------------------------------------------------------\n// Safe maths\n// ----------------------------------------------------------------------------\nlibrary SafeMath {\t//contract --> library : compiler version up\n function add(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n c = a + b;\n require(c >= a);\n }\n function sub(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n require(b <= a);\n c = a - b;\n }\n function mul(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n c = a * b;\n require(a == 0 || c / a == b);\n }\n function div(uint a, uint b) internal pure returns (uint c) {\t//public -> internal : compiler version up\n require(b > 0);\n c = a / b;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC 
Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md\n// ----------------------------------------------------------------------------\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\t\t\t\t\t\t\t//constant -> view : compiler version up\n function balanceOf(address tokenOwner) public view returns (uint balance);\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\t\t\t\t//constant -> view : compiler version up\n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\t//constant -> view : compiler version up\n function transfer(address to, uint tokens) public returns (bool success);\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function approve(address spender, uint tokens) public returns (bool success);\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transferFrom(address from, address to, uint tokens) 
public returns (bool success);\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint tokens);\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\n// ----------------------------------------------------------------------------\n// Contract function to receive approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// ----------------------------------------------------------------------------\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\t//bytes -> memory : compiler version up\n}\n\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\ncontract Owned {\n function bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address public owner;\n address winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif 
(startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n address public newOwner;\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\t\t//function Owned -> constructor : compiler version up\n owner = msg.sender;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\t//add emit : compiler version up\n owner = newOwner;\n newOwner = address(0);\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and assisted\n// fixed supply\n// ----------------------------------------------------------------------------\ncontract QurasToken is ERC20Interface, Owned {\t\t//SafeMath -> using SafeMath for uint; : compiler version up\n using SafeMath for uint;\n\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol;\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n string public name;\n function 
bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint8 public decimals;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint _totalSupply;\t\t\t//unit public -> uint : compiler version up\n\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n mapping(address => uint) balances;\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\t\t//function -> constructor : compiler version up\n symbol = \"XQC\";\n name = \"Quras Token\";\n decimals = 8;\n _totalSupply = 88888888800000000;\n balances[owner] = _totalSupply;\t\t//direct address -> owner : compiler version up\n emit Transfer(address(0), owner, _totalSupply);\t\t//add emit, direct address -> owner : compiler version up\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\t\t//constant -> view : compiler version up\n return _totalSupply.sub(balances[address(0)]);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now 
% 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\t\t//constant -> view : compiler version up\n return balances[tokenOwner];\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transfer(address to, uint tokens) public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(msg.sender, to, tokens);\t\t//add emit : compiler version up\n return true;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n function increaseApproval(address _spender, uint _addedValue) public returns (bool) {\n allowed[msg.sender][_spender] = allowed[msg.sender][_spender].add(_addedValue);\n emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = 
block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function decreaseApproval(address _spender, uint _subtractedValue) public returns (bool) {\n uint oldValue = allowed[msg.sender][_spender];\n if (_subtractedValue > oldValue) {\n allowed[msg.sender][_spender] = 0;\n } else {\n allowed[msg.sender][_spender] = oldValue.sub(_subtractedValue);\n }\n emit Approval(msg.sender, _spender, allowed[msg.sender][_spender]);\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n \n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) 
`tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\t\t//add emit : compiler version up\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n function transferFrom(address from, address to, uint tokens) public returns (bool success) {\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(tokens);\n emit Transfer(from, to, tokens);\t\t//add emit : compiler version up\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function 
allowance(address tokenOwner, address spender) public view returns (uint remaining) {\t\t//constant -> view : compiler version up\n return allowed[tokenOwner][spender];\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\t\t//add emit : compiler version up\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_29.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.11;\n\n// * Gods Unchained Raffle Token Exchange\n//\n// * Version 1.0\n//\n// * A dedicated contract for listing (selling) and buying raffle tokens.\n//\n// * https://gu.cards\n\ncontract ERC20Interface {\n function 
transferFrom(address from, address to, uint tokens) public returns (bool success);\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n}\n\ncontract IERC20Interface {\n function allowance(address owner, address spender) external view returns (uint256);\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function balanceOf(address account) external view returns (uint256);\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\ncontract RaffleToken is ERC20Interface, IERC20Interface {}\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. 
This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. 
The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ncontract RaffleTokenExchange {\n using SafeMath for uint256;\n\n //////// V A R I A B L E S\n //\n // The raffle token contract\n //\n RaffleToken constant public raffleContract = RaffleToken(0x0C8cDC16973E88FAb31DD0FCB844DdF0e1056dE2);\n //\n // In case the exchange is paused.\n //\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n bool public paused;\n //\n // Standard contract ownership.\n //\n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 
days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n address payable public owner;\n //\n // Next id for the next listing\n //\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public nextListingId;\n //\n // All raffle token listings mapped by id\n //\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n mapping (uint256 => Listing) public listingsById;\n //\n // All purchases\n //\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n mapping (uint256 => Purchase) public purchasesById;\n //\n // Next id for the next purche\n //\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n uint256 public nextPurchaseId;\n\n //////// S T R U C T S\n //\n // A listing of raffle tokens\n //\n struct Listing {\n //\n // price per token (in wei).\n //\n uint256 pricePerToken;\n //\n //\n // How many tokens? (Original Amount)\n //\n uint256 initialAmount;\n //\n // How many tokens left? 
(Maybe altered due to partial sales)\n //\n uint256 amountLeft;\n //\n // Listed by whom?\n //\n address payable seller;\n //\n // Active/Inactive listing?\n //\n bool active;\n }\n //\n // A purchase of raffle tokens\n //\n struct Purchase {\n //\n // How many tokens?\n //\n uint256 totalAmount;\n //\n // total price payed\n //\n uint256 totalAmountPayed;\n //\n // When did the purchase happen?\n //\n uint256 timestamp;\n }\n\n //////// EVENTS\n //\n //\n //\n uint256 bugv_tmstmp2 = block.timestamp;\n event Listed(uint256 id, uint256 pricePerToken, uint256 initialAmount, address seller);\n uint256 bugv_tmstmp3 = block.timestamp;\n event Canceled(uint256 id);\n uint256 bugv_tmstmp4 = block.timestamp;\n event Purchased(uint256 id, uint256 totalAmount, uint256 totalAmountPayed, uint256 timestamp);\n\n //////// M O D I F I E R S\n //\n // Invokable only by contract owner.\n //\n modifier onlyContractOwner {\n require(msg.sender == owner, \"Function called by non-owner.\");\n _;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n //\n // Invokable only if exchange is not paused.\n //\n modifier onlyUnpaused {\n require(paused == false, \"Exchange is paused.\");\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n //////// C O N S T R U C T O R\n //\n constructor() public {\n owner = msg.sender;\n nextListingId = 916;\n nextPurchaseId = 344;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n //////// F U N C T I O N S\n //\n // buyRaffle\n //\n function buyRaffle(uint256[] calldata amounts, uint256[] calldata listingIds) payable external onlyUnpaused {\n require(amounts.length == listingIds.length, \"You have to provide amounts for every single 
listing!\");\n uint256 totalAmount;\n uint256 totalAmountPayed;\n for (uint256 i = 0; i < listingIds.length; i++) {\n uint256 id = listingIds[i];\n uint256 amount = amounts[i];\n Listing storage listing = listingsById[id];\n require(listing.active, \"Listing is not active anymore!\");\n listing.amountLeft = listing.amountLeft.sub(amount);\n require(listing.amountLeft >= 0, \"Amount left needs to be higher than 0.\");\n if(listing.amountLeft == 0) { listing.active = false; }\n uint256 amountToPay = listing.pricePerToken * amount;\n listing.seller.transfer(amountToPay);\n totalAmountPayed = totalAmountPayed.add(amountToPay);\n totalAmount = totalAmount.add(amount);\n require(raffleContract.transferFrom(listing.seller, msg.sender, amount), 'Token transfer failed!');\n }\n require(totalAmountPayed <= msg.value, 'Overpayed!');\n uint256 id = nextPurchaseId++;\n Purchase storage purchase = purchasesById[id];\n purchase.totalAmount = totalAmount;\n purchase.totalAmountPayed = totalAmountPayed;\n purchase.timestamp = now;\n emit Purchased(id, totalAmount, totalAmountPayed, now);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n //\n // Add listing\n //\n function addListing(uint256 initialAmount, uint256 pricePerToken) external onlyUnpaused {\n require(raffleContract.balanceOf(msg.sender) >= initialAmount, \"Amount to sell is higher than balance!\");\n require(raffleContract.allowance(msg.sender, address(this)) >= initialAmount, \"Allowance is to small (increase allowance)!\");\n uint256 id = nextListingId++;\n Listing storage listing = listingsById[id];\n listing.initialAmount = initialAmount;\n listing.amountLeft = initialAmount;\n listing.pricePerToken = pricePerToken;\n listing.seller = msg.sender;\n listing.active = true;\n emit Listed(id, listing.pricePerToken, listing.initialAmount, listing.seller);\n }\nfunction 
bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n //\n // Cancel listing\n //\n function cancelListing(uint256 id) external {\n Listing storage listing = listingsById[id];\n require(listing.active, \"This listing was turned inactive already!\");\n require(listing.seller == msg.sender || owner == msg.sender, \"Only the listing owner or the contract owner can cancel the listing!\");\n listing.active = false;\n emit Canceled(id);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n //\n // Set paused\n //\n function setPaused(bool value) external onlyContractOwner {\n paused = value;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n //\n // Funds withdrawal to cover operational costs\n //\n function withdrawFunds(uint256 withdrawAmount) external onlyContractOwner {\n owner.transfer(withdrawAmount);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n //\n // Contract may be destroyed only when there is nothing else going on. 
\n // All funds are transferred to contract owner.\n //\n function kill() external onlyContractOwner {\n selfdestruct(owner);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n"
+ },
+ {
+ "contract": "buggy_23.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Saturday, April 27, 2019\n (UTC) */\n\n// File: contracts/token/ERC20/IERC20.sol\n\npragma solidity ^0.5.2;\n\n/**\n * @title ERC20 interface\n * @dev see https://eips.ethereum.org/EIPS/eip-20\n */\ninterface IERC20 {\n function transfer(address to, uint256 value) external returns (bool);\n\n function approve(address spender, uint256 value) external returns (bool);\n\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n function totalSupply() external view returns (uint256);\n\n function balanceOf(address who) external view returns (uint256);\n\n function allowance(address owner, address spender) external view returns (uint256);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n// File: contracts/math/SafeMath.sol\n\npragma solidity ^0.5.2;\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error.\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, 
uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n}\n\n// File: contracts/token/ERC20/ERC20.sol\n\npragma solidity ^0.5.2;\n\n\n\n/**\n * @title Standard ERC20 token\n *\n * @dev Implementation of the basic standard token.\n * https://eips.ethereum.org/EIPS/eip-20\n * Originally based on code by FirstBlood:\n * https://github.com/Firstbloodio/token/blob/master/smart_contract/FirstBloodToken.sol\n *\n * This implementation emits additional Approval events, allowing applications to reconstruct the allowance status for\n * all accounts just by listening to said events. 
Note that this isn't required by the specification, and other\n * compliant implementations may not do it.\n */\ncontract ERC20 is IERC20 {\n using SafeMath for uint256;\n\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => uint256) private _balances;\n\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n uint256 private _totalSupply;\n\n /**\n * @dev Total number of tokens in existence.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n /**\n * @dev Gets the balance of the specified address.\n * @param owner The address to query the balance of.\n * @return A uint256 representing the amount owned by the passed address.\n */\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Function to check the amount of tokens that an owner allowed to a spender.\n * @param owner address The address which owns the funds.\n * @param spender address The address which will spend the funds.\n * @return A uint256 specifying the amount of tokens still available for the spender.\n 
*/\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n /**\n * @dev Transfer token to a specified address.\n * @param to The address to transfer to.\n * @param value The amount to be transferred.\n */\n function transfer(address to, uint256 value) public returns (bool) {\n _transfer(msg.sender, to, value);\n return true;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n /**\n * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.\n * Beware that changing an allowance with this method brings the risk that someone may use both the old\n * and the new allowance by unfortunate transaction ordering. 
One possible solution to mitigate this\n * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n * @param spender The address which will spend the funds.\n * @param value The amount of tokens to be spent.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n /**\n * @dev Transfer tokens from one address to another.\n * Note that while this function emits an Approval event, this is not required as per the specification,\n * and other compliant implementations may not emit the event.\n * @param from address The address which you want to send tokens from\n * @param to address The address which you want to transfer to\n * @param value uint256 the amount of tokens to be transferred\n */\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n _transfer(from, to, value);\n _approve(from, msg.sender, _allowed[from][msg.sender].sub(value));\n return true;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n /**\n * @dev Increase the amount of tokens that an owner allowed to a spender.\n * approve should be called when _allowed[msg.sender][spender] == 0. 
To increment\n * allowed value is better to use this function to avoid 2 calls (and wait until\n * the first transaction is mined)\n * From MonolithDAO Token.sol\n * Emits an Approval event.\n * @param spender The address which will spend the funds.\n * @param addedValue The amount of tokens to increase the allowance by.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowed[msg.sender][spender].add(addedValue));\n return true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Decrease the amount of tokens that an owner allowed to a spender.\n * approve should be called when _allowed[msg.sender][spender] == 0. 
To decrement\n * allowed value is better to use this function to avoid 2 calls (and wait until\n * the first transaction is mined)\n * From MonolithDAO Token.sol\n * Emits an Approval event.\n * @param spender The address which will spend the funds.\n * @param subtractedValue The amount of tokens to decrease the allowance by.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowed[msg.sender][spender].sub(subtractedValue));\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n /**\n * @dev Transfer token for a specified addresses.\n * @param from The address to transfer from.\n * @param to The address to transfer to.\n * @param value The amount to be transferred.\n */\n function _transfer(address from, address to, uint256 value) internal {\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n _balances[to] = _balances[to].add(value);\n emit Transfer(from, to, value);\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Internal function that mints an amount of the token and assigns it to\n * an account. 
This encapsulates the modification of balances such that the\n * proper events are emitted.\n * @param account The account that will receive the created tokens.\n * @param value The amount that will be created.\n */\n function _mint(address account, uint256 value) internal {\n require(account != address(0));\n\n _totalSupply = _totalSupply.add(value);\n _balances[account] = _balances[account].add(value);\n emit Transfer(address(0), account, value);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /**\n * @dev Internal function that burns an amount of the token of a given\n * account.\n * @param account The account whose tokens will be burnt.\n * @param value The amount that will be burnt.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0));\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Approve an address to spend another addresses' tokens.\n * @param owner The address that owns the tokens.\n * @param spender The address that will spend the tokens.\n * @param value The number of tokens that can be spent.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(spender != address(0));\n require(owner != address(0));\n\n _allowed[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n 
return block.timestamp >= 1546300800;\n }\n\n /**\n * @dev Internal function that burns an amount of the token of a given\n * account, deducting from the sender's allowance for said account. Uses the\n * internal burn function.\n * Emits an Approval event (reflecting the reduced allowance).\n * @param account The account whose tokens will be burnt.\n * @param value The amount that will be burnt.\n */\n function _burnFrom(address account, uint256 value) internal {\n _burn(account, value);\n _approve(account, msg.sender, _allowed[account][msg.sender].sub(value));\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n}\n\n// File: contracts/token/ERC20/ERC20Burnable.sol\n\npragma solidity ^0.5.2;\n\n\n/**\n * @title Burnable Token\n * @dev Token that can be irreversibly burned (destroyed).\n */\ncontract ERC20Burnable is ERC20 {\n /**\n * @dev Burns a specific amount of tokens.\n * @param value The amount of token to be burned.\n */\n function burn(uint256 value) public {\n _burn(msg.sender, value);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /**\n * @dev Burns a specific amount of tokens from the target address and decrements allowance.\n * @param from address The account whose tokens will be burned.\n * @param value uint256 The amount of token to be burned.\n */\n function burnFrom(address from, uint256 value) public {\n _burnFrom(from, value);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\n// File: contracts/token/ERC20/ERC20Detailed.sol\n\npragma solidity ^0.5.2;\n\n\n/**\n * @title ERC20Detailed token\n * @dev The decimals are only for visualization purposes.\n * All the operations are done using the smallest and 
indivisible token unit,\n * just as on Ethereum all the operations are done in wei.\n */\ncontract ERC20Detailed is IERC20 {\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n string private _name;\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string private _symbol;\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint8 private _decimals;\n\n constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n /**\n * @return the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n /**\n * @return the symbol of the token.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n /**\n * @return the number of decimals of the token.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n}\n\n// File: contracts/token/AGR.sol\n\npragma solidity ^0.5.0;\n\n\n\n\ncontract AGR is ERC20, ERC20Detailed, ERC20Burnable {\n constructor() ERC20Detailed('Aggregion 
Token', 'AGR', 4) public {\n super._mint(msg.sender, 30000000000000);\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n}\n" + }, + { + "contract": "buggy_35.sol", + "label": "time_manipulation", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11; \n /* \n ___________________________________________________________________\n _ _ ______ \n | | / / / \n --|-/|-/-----__---/----__----__---_--_----__-------/-------__------\n |/ |/ /___) / / ' / ) / / ) /___) / / ) \n __/__|____(___ _/___(___ _(___/_/_/__/_(___ _____/______(___/__o_o_\n \n \n \n \n \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557\n \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551\u255a\u2550\u2550\u2588\u2588\u2554\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u255a\u2588\u2588\u2557 \u2588\u2588\u2554\u255d\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557 \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u255a\u2588\u2588\u2557\u2588\u2588\u2554\u255d\n \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2557 \u255a\u2588\u2588\u2588\u2554\u255d \n 
\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2554\u2550\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551 \u255a\u2588\u2588\u2554\u255d \u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557 \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2554\u2588\u2588\u2557 \n \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551 \u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2554\u255d \u2588\u2588\u2557\n \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\n \n \n \n \n------------------------------------------------------------------------------------------------------\n Copyright (c) 2019 Onwards Bitpayer Inc. 
( https://dex.bitpayer.io )\n Contract designed with \u2764 by EtherAuthority ( https://EtherAuthority.io )\n------------------------------------------------------------------------------------------------------\n*/\n\n\n//*******************************************************************\n//------------------------ SafeMath Library -------------------------\n//*******************************************************************\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. 
The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\n\n//*******************************************************************//\n//------------------ Contract to Manage Ownership -------------------//\n//*******************************************************************//\n \ncontract owned {\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n address public owner;\n function bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address private 
newOwner;\n\n\n address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n event OwnershipTransferred(uint256 curTime, address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n\n\n function onlyOwnerTransferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n //this flow is to prevent transferring ownership to wrong wallet by mistake\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(now, owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n}\n\ninterface ERC20Essential \n{\n\n function transfer(address _to, uint256 _amount) external returns (bool);\n function transferFrom(address _from, address _to, uint256 _amount) external returns (bool);\n\n}\n\n\ncontract BitpayerDEX is owned {\n using SafeMath for uint256;\naddress winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n bool public safeGuard; // To hault all non owner functions in case of imergency - by default false\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public feeAccount; //the account that will receive fees\naddress winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) 
== block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n uint public tradingFee = 50; // 50 = 0.5%\n \nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint)) public tokens; //mapping of token addresses to mapping of account balances (token=0 means Ether)\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (bytes32 => bool)) public orders; //mapping of user accounts to mapping of order hashes to booleans (true = submitted by user, equivalent to offchain signature)\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n mapping (address => mapping (bytes32 => uint)) public orderFills; //mapping of user accounts to mapping of order hashes to uints (amount of order that has been filled)\n \nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event Order(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user);\nuint256 bugv_tmstmp5 = block.timestamp;\n event Cancel(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s);\nuint256 bugv_tmstmp1 = block.timestamp;\n event Trade(uint256 curTime, address tokenGet, uint amountGet, address tokenGive, uint amountGive, address get, address give);\nuint256 bugv_tmstmp2 = block.timestamp;\n event Deposit(uint256 curTime, address token, address user, uint amount, uint balance);\nuint256 bugv_tmstmp3 = block.timestamp;\n event Withdraw(uint256 curTime, address token, address user, uint amount, uint balance);\nuint256 bugv_tmstmp4 = block.timestamp;\n event OwnerWithdrawTradingFee(address indexed owner, uint256 
amount);\n\n\n\n constructor() public {\n feeAccount = msg.sender;\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function changeSafeguardStatus() onlyOwner public\n {\n if (safeGuard == false)\n {\n safeGuard = true;\n }\n else\n {\n safeGuard = false; \n }\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n //Calculate percent and return result\n function calculatePercentage(uint256 PercentOf, uint256 percentTo ) internal pure returns (uint256) \n {\n uint256 factor = 10000;\n require(percentTo <= factor);\n uint256 c = PercentOf.mul(percentTo).div(factor);\n return c;\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n } \n\n\n\n \n // contract without fallback automatically reject incoming ether\n // function() external { }\n\n\n function changeFeeAccount(address feeAccount_) public onlyOwner {\n feeAccount = feeAccount_;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n function changetradingFee(uint tradingFee_) public onlyOwner{\n //require(tradingFee_ <= tradingFee);\n tradingFee = tradingFee_;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint 
pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function availableTradingFeeOwner() public view returns(uint256){\n //it only holds ether as fee\n return tokens[address(0)][feeAccount];\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n \n function withdrawTradingFeeOwner() public onlyOwner returns (string memory){\n uint256 amount = availableTradingFeeOwner();\n require (amount > 0, 'Nothing to withdraw');\n \n tokens[address(0)][feeAccount] = 0;\n \n msg.sender.transfer(amount);\n \n emit OwnerWithdrawTradingFee(owner, amount);\n \n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function deposit() public payable {\n tokens[address(0)][msg.sender] = tokens[address(0)][msg.sender].add(msg.value);\n emit Deposit(now, address(0), msg.sender, msg.value, tokens[address(0)][msg.sender]);\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function withdraw(uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n require(tokens[address(0)][msg.sender] >= amount);\n tokens[address(0)][msg.sender] = tokens[address(0)][msg.sender].sub(amount);\n msg.sender.transfer(amount);\n emit Withdraw(now, address(0), msg.sender, amount, tokens[address(0)][msg.sender]);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == 
block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function depositToken(address token, uint amount) public {\n //remember to call Token(address).approve(this, amount) or this contract will not be able to do the transfer on your behalf.\n require(token!=address(0));\n require(ERC20Essential(token).transferFrom(msg.sender, address(this), amount));\n tokens[token][msg.sender] = tokens[token][msg.sender].add(amount);\n emit Deposit(now, token, msg.sender, amount, tokens[token][msg.sender]);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\t\n function withdrawToken(address token, uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n require(token!=address(0));\n require(tokens[token][msg.sender] >= amount);\n tokens[token][msg.sender] = tokens[token][msg.sender].sub(amount);\n\t ERC20Essential(token).transfer(msg.sender, amount);\n emit Withdraw(now, token, msg.sender, amount, tokens[token][msg.sender]);\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function balanceOf(address token, address user) public view returns (uint) {\n return tokens[token][user];\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function order(address tokenGet, 
uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce) public {\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n orders[msg.sender][hash] = true;\n emit Order(now, tokenGet, amountGet, tokenGive, amountGive, expires, nonce, msg.sender);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function trade(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s, uint amount) public {\n require(!safeGuard,\"System Paused by Admin\");\n //amount is in amountGet terms\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n require((\n (orders[user][hash] || ecrecover(keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash)),v,r,s) == user) &&\n block.number <= expires &&\n orderFills[user][hash].add(amount) <= amountGet\n ));\n tradeBalances(tokenGet, amountGet, tokenGive, amountGive, user, amount);\n orderFills[user][hash] = orderFills[user][hash].add(amount);\n emit Trade(now, tokenGet, amount, tokenGive, amountGive * amount / amountGet, user, msg.sender);\n }\n\n function tradeBalances(address tokenGet, uint amountGet, address tokenGive, uint amountGive, address user, uint amount) internal {\n \n uint tradingFeeXfer = calculatePercentage(amount,tradingFee);\n tokens[tokenGet][msg.sender] = tokens[tokenGet][msg.sender].sub(amount.add(tradingFeeXfer));\n tokens[tokenGet][user] = tokens[tokenGet][user].add(amount.sub(tradingFeeXfer));\n tokens[address(0)][feeAccount] = tokens[address(0)][feeAccount].add(tradingFeeXfer);\n\n tokens[tokenGive][user] = tokens[tokenGive][user].sub(amountGive.mul(amount) / amountGet);\n tokens[tokenGive][msg.sender] = 
tokens[tokenGive][msg.sender].add(amountGive.mul(amount) / amountGet);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function testTrade(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s, uint amount, address sender) public view returns(bool) {\n \n if (!(\n tokens[tokenGet][sender] >= amount &&\n availableVolume(tokenGet, amountGet, tokenGive, amountGive, expires, nonce, user, v, r, s) >= amount\n )) return false;\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function availableVolume(address tokenGet, uint amountGet, address tokenGive, uint amountGive, uint expires, uint nonce, address user, uint8 v, bytes32 r, bytes32 s) public view returns(uint) {\n bytes32 hash = keccak256(abi.encodePacked(this, tokenGet, amountGet, tokenGive, amountGive, expires, nonce));\n uint available1;\n if (!(\n (orders[user][hash] || ecrecover(keccak256(abi.encodePacked(\"\\x19Ethereum Signed Message:\\n32\", hash)),v,r,s) == user) &&\n block.number <= expires\n )) return 0;\n available1 = tokens[tokenGive][user].mul(amountGet) / amountGive;\n \n if (amountGet.sub(orderFills[user][hash])= 1546300800;\n }\n function balanceOf(address tokenOwner) public view returns (uint balance);\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n function transfer(address to, uint tokens) public returns (bool success);\naddress winner_tmstmp26;\nfunction 
play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n \n function allowance(address tokenOwner, address spender) public view returns (uint remaining);\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function approve(address spender, uint tokens) public returns (bool success);\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n \n event Transfer(address indexed from, address indexed to, uint tokens);\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\ncontract AcunarToken is ERC20Interface{\n function bug_tmstmp24 () public payable {\n\tuint pastBlockTime_tmstmp24; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp24); // only 1 transaction per block //bug\n pastBlockTime_tmstmp24 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public name = \"Acunar\";\n function bug_tmstmp5() view public returns (bool) 
{\n return block.timestamp >= 1546300800;\n }\n string public symbol = \"ACN\";\n address winner_tmstmp15;\nfunction play_tmstmp15(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp15 = msg.sender;}}\n uint public decimals = 0;\n \n function bug_tmstmp28 () public payable {\n\tuint pastBlockTime_tmstmp28; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp28); // only 1 transaction per block //bug\n pastBlockTime_tmstmp28 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint public supply;\n address winner_tmstmp34;\nfunction play_tmstmp34(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp34 = msg.sender;}}\n address public founder;\n \n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(address => uint) public balances;\n \n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n mapping(address => mapping(address => uint)) allowed;\n \n //allowed[0x1111....][0x22222...] 
= 100;\n \n \n event Transfer(address indexed from, address indexed to, uint tokens);\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n\n\n constructor() public{\n supply = 200000000;\n founder = msg.sender;\n balances[founder] = supply;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n \n function allowance(address tokenOwner, address spender) view public returns(uint){\n return allowed[tokenOwner][spender];\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n \n \n //approve allowance\n function approve(address spender, uint tokens) public returns(bool){\n require(balances[msg.sender] >= tokens);\n require(tokens > 0);\n \n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n \n //transfer tokens from the owner account to the account that calls the function\n function transferFrom(address from, address to, uint tokens) public returns(bool){\n require(allowed[from][to] >= tokens);\n require(balances[from] >= tokens);\n \n balances[from] -= tokens;\n balances[to] += tokens;\n \n \n allowed[from][to] -= tokens;\n \n return true;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n \n function totalSupply() public 
view returns (uint){\n return supply;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n \n function balanceOf(address tokenOwner) public view returns (uint balance){\n return balances[tokenOwner];\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n \n function transfer(address to, uint tokens) public returns (bool success){\n require(balances[msg.sender] >= tokens && tokens > 0);\n \n balances[to] += tokens;\n balances[msg.sender] -= tokens;\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\n\ncontract AcunarIEO is AcunarToken{\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n address public admin;\n \n \n //starting with solidity version 0.5.0 only a payable address has the transfer() member function\n //it's mandatory to declare the variable payable\n function bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address payable public deposit;\n \n //token price in wei: 1 ACN = 0.0001 ETHER, 
1 ETHER = 10000 ACN\n address winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n uint tokenPrice = 0.0001 ether;\n \n //300 Ether in wei\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint public hardCap =21000 ether;\n \n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n uint public raisedAmount;\n \n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint public saleStart = now;\n uint public saleEnd = now + 14515200; //24 week\n uint public coinTradeStart = saleEnd + 15120000; //transferable in a week after salesEnd\n \n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint public maxInvestment = 30 ether;\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint public minInvestment = 0.1 ether;\n \n enum State { beforeStart, running, afterEnd, halted}\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n State public ieoState;\n \n \n modifier onlyAdmin(){\n require(msg.sender == admin);\n _;\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n \n uint256 bugv_tmstmp4 = block.timestamp;\n event Invest(address investor, uint value, uint tokens);\n \n \n //in solidity version > 0.5.0 the deposit argument must be payable\n constructor(address payable _deposit) public{\n deposit = _deposit;\n admin = msg.sender;\n ieoState = State.beforeStart;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 
ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n //emergency stop\n function halt() public onlyAdmin{\n ieoState = State.halted;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n //restart \n function unhalt() public onlyAdmin{\n ieoState = State.running;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n \n //only the admin can change the deposit address\n //in solidity version > 0.5.0 the deposit argument must be payable\n function changeDepositAddress(address payable newDeposit) public onlyAdmin{\n deposit = newDeposit;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n \n //returns ieo state\n function getCurrentState() public view returns(State){\n if(ieoState == State.halted){\n return State.halted;\n }else if(block.timestamp < saleStart){\n return State.beforeStart;\n }else if(block.timestamp >= saleStart && block.timestamp <= saleEnd){\n return State.running;\n }else{\n return State.afterEnd;\n }\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n \n \n function invest() payable public returns(bool){\n //invest only in running\n ieoState = getCurrentState();\n require(ieoState == State.running);\n \n 
require(msg.value >= minInvestment && msg.value <= maxInvestment);\n \n uint tokens = msg.value / tokenPrice;\n \n //hardCap not reached\n require(raisedAmount + msg.value <= hardCap);\n \n raisedAmount += msg.value;\n \n //add tokens to investor balance from founder balance\n balances[msg.sender] += tokens;\n balances[founder] -= tokens;\n \n deposit.transfer(msg.value);//transfer eth to the deposit address\n \n //emit event\n emit Invest(msg.sender, msg.value, tokens);\n \n return true;\n \n\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n //the payable function must be declared external in solidity versions > 0.5.0\n function () payable external{\n invest();\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n \n \n function burn() public returns(bool){\n ieoState = getCurrentState();\n require(ieoState == State.afterEnd);\n balances[founder] = 0;\n \n }\nuint256 bugv_tmstmp5 = block.timestamp;\n \n \n function transfer(address to, uint value) public returns(bool){\n require(block.timestamp > coinTradeStart);\n super.transfer(to, value);\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n \n function transferFrom(address _from, address _to, uint _value) public returns(bool){\n require(block.timestamp > coinTradeStart);\n super.transferFrom(_from, _to, _value);\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n \n}\n"
+ },
+ {
+ "contract": "buggy_50.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11;\n\ncontract digitalNotary\n{\n \n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address payable private manager;\n \n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bool private 
contractactive;\n \n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n uint private hashfee;\n \n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n uint private changehashownerfee;\n \n struct HashRegistration \n {\n address owner;\n uint registrationtime;\n }\n \n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping(bytes32 => HashRegistration[]) HashList;\n \n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint private HashListLength;\n \n uint256 bugv_tmstmp3 = block.timestamp;\n event RegisterHashEvent(address indexed msgsender, bytes32 indexed hash, uint timestamp);\n \n uint256 bugv_tmstmp4 = block.timestamp;\n event ChangeHashOwnershipEvent(address indexed msgsender, address indexed newowner, bytes32 indexed hash, uint timestamp);\n \n constructor() public\n {\n\n manager = msg.sender;\n \n contractactive = true;\n \n hashfee = 5000000000000000;\n \n changehashownerfee = 25000000000000000;\n \n HashListLength = 0;\n \n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == 
block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n \n modifier onlyManager()\n {\n require(msg.sender == manager);\n _;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n \n \n function gethashfee() external view returns(uint)\n {\n return hashfee;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function sethashfee(uint newfee) external onlyManager\n {\n require(newfee >= 0);\n \n hashfee = newfee;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n \n function getchangehashownerfee() external view returns(uint)\n {\n return changehashownerfee;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n \n function setchangehashownerfee(uint newfee) external onlyManager\n {\n require(newfee >= 0);\n \n changehashownerfee = newfee;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n \n function getcontractactive() external view returns (bool)\n {\n return contractactive;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n \n function setcontractactive(bool contactive) external onlyManager\n {\n contractactive = contactive;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per 
block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function getmanager() external view returns(address)\n {\n return manager;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n \n function setmanager(address payable newmngr) external onlyManager\n {\n require(newmngr.balance > 0);\n manager = newmngr;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function getcontractbalance() public view returns(uint)\n {\n \n return address(this).balance;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function transfercontractbalance() external onlyManager\n {\n uint cb = address(this).balance;\n \n require(cb > 0);\n \n manager.transfer(cb);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function getHashOwnersCount(bytes32 hash) public view returns(uint)\n {\n return HashList[hash].length;\n 
}\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function getNumberofHashesRegistered() external view returns(uint)\n {\n return HashListLength;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n \n function getHashDetails(bytes32 hash,uint indx) external view returns (address,uint)\n {\n\n uint owncount = getHashOwnersCount(hash);\n require(owncount > 0);\n require(indx < owncount);\n \n return (HashList[hash][indx].owner,HashList[hash][indx].registrationtime);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n function registerHash(bytes32 hash) external payable\n {\n \n require(contractactive == true);\n require(getHashOwnersCount(hash) == 0);\n require(msg.value == hashfee);\n \n HashRegistration memory thisregistration;\n thisregistration.owner = msg.sender;\n thisregistration.registrationtime = now;\n \n HashList[hash].push(thisregistration);\n \n HashListLength++;\n \n emit RegisterHashEvent(thisregistration.owner, hash, thisregistration.registrationtime);\n \n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function changeHashOwnership(bytes32 hash, address newowner) external payable\n {\n \n require(contractactive == true);\n uint owncount = getHashOwnersCount(hash);\n require(owncount > 0);\n require(msg.sender == HashList[hash][owncount - 1].owner); \n require(msg.value == changehashownerfee);\n \n HashRegistration memory thisregistration;\n thisregistration.owner = newowner;\n thisregistration.registrationtime = now;\n \n HashList[hash].push(thisregistration);\n \n emit ChangeHashOwnershipEvent(msg.sender, thisregistration.owner, hash, 
thisregistration.registrationtime);\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n \n function () external\n {\n \t\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_4.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n\n/**\n * @title PHO token - for Game coin sale\n * @author Willy Lee\n */\n\n\n/**\n * @title ERC20 Standard Interface\n */\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n event Transfer(address indexed from, address indexed to, uint256 value);\n}\n\n\n/**\n * @title Token implementation\n */\ncontract PHO is IERC20 {\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public name = \"PHO\";\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n string public symbol = \"PHO\";\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n uint8 public decimals = 18;\n \n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n uint256 saleAmount;\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime 
+ (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n uint256 evtAmount;\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 teamAmount;\n\n address winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n uint256 _totalSupply;\n function bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping(address => uint256) balances;\n\n address winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n address public owner;\n function bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address public sale;\n function bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public evt;\n address winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 
* 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n address public team;\n \n modifier isOwner {\n require(owner == msg.sender);\n _;\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n \n constructor() public {\n owner = msg.sender;\n sale = 0x071F73f4D0befd4406901AACE6D5FFD6D297c561;\n evt = 0x76535ca5BF1d33434A302e5A464Df433BB1F80F6;\n team = 0xD7EC5D8697e4c83Dc33D781d19dc2910fB165D5C;\n\n saleAmount = toWei(1000000000); //1,000,000,000\n evtAmount = toWei(200000000); // 200,000,000\n teamAmount = toWei(800000000); // 800,000,000\n _totalSupply = toWei(2000000000); //2,000,000,000\n\n require(_totalSupply == saleAmount + evtAmount + teamAmount );\n \n balances[owner] = _totalSupply;\n emit Transfer(address(0), owner, balances[owner]);\n \n transfer(sale, saleAmount);\n transfer(evt, evtAmount);\n transfer(team, teamAmount);\n require(balances[owner] == 0);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n function totalSupply() public view returns (uint) {\n return _totalSupply;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function balanceOf(address who) public view returns (uint256) {\n return balances[who];\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n \n function transfer(address to, uint256 value) public returns (bool success) {\n require(msg.sender != to);\n require(value > 0);\n \n require( balances[msg.sender] >= value );\n require( balances[to] + value >= balances[to] );\n\n if(msg.sender == team) {\n require(now >= 1589036400); // 800M lock to 2020-05-10\n if(balances[msg.sender] - value < toWei(600000000))\n require(now >= 1620572400); // 10M lock to 2021-05-10\n if(balances[msg.sender] - value < toWei(400000000))\n require(now >= 1652108400); // 10M lock to 2022-05-10\n if(balances[msg.sender] - value < toWei(200000000))\n require(now >= 
1683644400); // 10M lock to 2023-05-10\n }\n\n balances[msg.sender] -= value;\n balances[to] += value;\n\n emit Transfer(msg.sender, to, value);\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n \n function burnCoins(uint256 value) public {\n require(balances[msg.sender] >= value);\n require(_totalSupply >= value);\n \n balances[msg.sender] -= value;\n _totalSupply -= value;\n\n emit Transfer(msg.sender, address(0), value);\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n\n /** @dev private function\n */\n\n function toWei(uint256 value) private view returns (uint256) {\n return value * (10 ** uint256(decimals));\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_44.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\n\ncontract EventMetadata {\n\n uint256 bugv_tmstmp5 = block.timestamp;\n event MetadataSet(bytes metadata);\n\n // state functions\n\n function _setMetadata(bytes memory metadata) internal {\n emit MetadataSet(metadata);\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n}\n\n\n\ncontract Operated {\n\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n address private _operator;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bool private _status;\n\n uint256 bugv_tmstmp1 = block.timestamp;\n event OperatorUpdated(address operator, bool status);\n\n // state functions\n\n function _setOperator(address operator) internal {\n require(_operator != operator, \"cannot set same operator\");\n _operator = operator;\n emit OperatorUpdated(operator, hasActiveOperator());\n }\nfunction bug_tmstmp9() view public returns (bool) 
{\n return block.timestamp >= 1546300800;\n }\n\n function _transferOperator(address operator) internal {\n // transferring operator-ship implies there was an operator set before this\n require(_operator != address(0), \"operator not set\");\n _setOperator(operator);\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function _renounceOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _operator = address(0);\n _status = false;\n emit OperatorUpdated(address(0), false);\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n function _activateOperator() internal {\n require(!hasActiveOperator(), \"only when operator not active\");\n _status = true;\n emit OperatorUpdated(_operator, true);\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function _deactivateOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _status = false;\n emit OperatorUpdated(_operator, false);\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // view functions\n\n function getOperator() public view returns (address operator) {\n operator = _operator;\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 
transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function isOperator(address caller) public view returns (bool ok) {\n return (caller == getOperator());\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n function hasActiveOperator() public view returns (bool ok) {\n return _status;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function isActiveOperator(address caller) public view returns (bool ok) {\n return (isOperator(caller) && hasActiveOperator());\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n}\n\n\n\ncontract ProofHashes {\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event HashFormatSet(uint8 hashFunction, uint8 digestSize);\n uint256 bugv_tmstmp3 = block.timestamp;\n event HashSubmitted(bytes32 hash);\n\n // state functions\n\n function _setMultiHashFormat(uint8 hashFunction, uint8 digestSize) internal {\n // emit event\n emit HashFormatSet(hashFunction, digestSize);\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function _submitHash(bytes32 hash) internal {\n // emit event\n emit HashSubmitted(hash);\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 
days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n}\n\n\n\n/**\n * @title MultiHashWrapper\n * @dev Contract that handles multi hash data structures and encoding/decoding\n * Learn more here: https://github.com/multiformats/multihash\n */\ncontract MultiHashWrapper {\n\n // bytes32 hash first to fill the first storage slot\n struct MultiHash {\n bytes32 hash;\n uint8 hashFunction;\n uint8 digestSize;\n }\n\n /**\n * @dev Given a multihash struct, returns the full base58-encoded hash\n * @param multihash MultiHash struct that has the hashFunction, digestSize and the hash\n * @return the base58-encoded full hash\n */\n function _combineMultiHash(MultiHash memory multihash) internal pure returns (bytes memory) {\n bytes memory out = new bytes(34);\n\n out[0] = byte(multihash.hashFunction);\n out[1] = byte(multihash.digestSize);\n\n uint8 i;\n for (i = 0; i < 32; i++) {\n out[i+2] = multihash.hash[i];\n }\n\n return out;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n /**\n * @dev Given a base58-encoded hash, divides into its individual parts and returns a struct\n * @param source base58-encoded hash\n * @return MultiHash that has the hashFunction, digestSize and the hash\n */\n function _splitMultiHash(bytes memory source) internal pure returns (MultiHash memory) {\n require(source.length == 34, \"length of source must be 34\");\n\n uint8 hashFunction = uint8(source[0]);\n uint8 digestSize = uint8(source[1]);\n bytes32 hash;\n\n assembly {\n hash := mload(add(source, 34))\n }\n\n return (MultiHash({\n hashFunction: hashFunction,\n digestSize: digestSize,\n hash: hash\n }));\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n 
pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n}\n\n\n/* TODO: Update eip165 interface\n * bytes4(keccak256('create(bytes)')) == 0xcf5ba53f\n * bytes4(keccak256('getInstanceType()')) == 0x18c2f4cf\n * bytes4(keccak256('getInstanceRegistry()')) == 0xa5e13904\n * bytes4(keccak256('getImplementation()')) == 0xaaf10f42\n *\n * => 0xcf5ba53f ^ 0x18c2f4cf ^ 0xa5e13904 ^ 0xaaf10f42 == 0xd88967b6\n */\n interface iFactory {\n\n event InstanceCreated(address indexed instance, address indexed creator, string initABI, bytes initData);\n\n function create(bytes calldata initData) external returns (address instance);\n function createSalty(bytes calldata initData, bytes32 salt) external returns (address instance);\n function getInitSelector() external view returns (bytes4 initSelector);\n function getInstanceRegistry() external view returns (address instanceRegistry);\n function getTemplate() external view returns (address template);\n function getSaltyInstance(bytes calldata, bytes32 salt) external view returns (address instance);\n function getNextInstance(bytes calldata) external view returns (address instance);\n\n function getInstanceCreator(address instance) external view returns (address creator);\n function getInstanceType() external view returns (bytes4 instanceType);\n function getInstanceCount() external view returns (uint256 count);\n function getInstance(uint256 index) external view returns (address instance);\n function getInstances() external view returns (address[] memory instances);\n function getPaginatedInstances(uint256 startIndex, uint256 endIndex) external view returns (address[] memory instances);\n }\n\n\n\ncontract Template {\n\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address private _factory;\n\n // modifiers\n\n modifier initializeTemplate() {\n // set factory\n _factory = msg.sender;\n\n // only allow function 
to be delegatecalled from within a constructor.\n uint32 codeSize;\n assembly { codeSize := extcodesize(address) }\n require(codeSize == 0, \"must be called within contract constructor\");\n _;\n }\n\n // view functions\n\n function getCreator() public view returns (address creator) {\n // iFactory(...) would revert if _factory address is not actually a factory contract\n creator = iFactory(_factory).getInstanceCreator(address(this));\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function isCreator(address caller) public view returns (bool ok) {\n ok = (caller == getCreator());\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function getFactory() public view returns (address factory) {\n factory = _factory;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n}\n\n\n\n\n\n\n\ncontract Feed is ProofHashes, MultiHashWrapper, Operated, EventMetadata, Template {\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event Initialized(address operator, bytes multihash, bytes metadata);\n\n function initialize(\n address operator,\n bytes memory multihash,\n bytes memory metadata\n ) public initializeTemplate() {\n // set operator\n if (operator != address(0)) {\n Operated._setOperator(operator);\n Operated._activateOperator();\n }\n\n // add multihash to storage\n if (multihash.length != 0) {\n // unpack multihash\n MultiHashWrapper.MultiHash memory 
multihashObj = MultiHashWrapper._splitMultiHash(multihash);\n\n // set multihash format\n ProofHashes._setMultiHashFormat(multihashObj.hashFunction, multihashObj.digestSize);\n\n // submit hash\n ProofHashes._submitHash(multihashObj.hash);\n }\n\n // set metadata\n if (metadata.length != 0) {\n EventMetadata._setMetadata(metadata);\n }\n\n // log initialization params\n emit Initialized(operator, multihash, metadata);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // state functions\n\n function submitHash(bytes32 multihash) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // add multihash to storage\n ProofHashes._submitHash(multihash);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function setMetadata(bytes memory metadata) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // set metadata\n EventMetadata._setMetadata(metadata);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function transferOperator(address operator) public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._transferOperator(operator);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = 
block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function renounceOperator() public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._renounceOperator();\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n}\n"
+ },
+ {
+ "contract": "buggy_38.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-26\n*/\n\npragma solidity ^0.5.8;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract ERC20Detailed is IERC20 {\n\nfunction bug_tmstmp17() view public returns (bool) {\n return
return block.timestamp >= 1546300800;\n }\n string private _name;\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string private _symbol;\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function name() public view returns(string memory) {\n return _name;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n function symbol() public view returns(string memory) {\n return _symbol;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n}\n\ncontract BIGBOMBv2 is ERC20Detailed {\n\n using SafeMath for uint256;\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => uint256) private _balances;\nfunction bug_tmstmp25() view public returns (bool) {\n return 
block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n string constant tokenName = \"BIGBOMB\";\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n string constant tokenSymbol = \"BBOMB\";\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint8 constant tokenDecimals = 18;\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 _totalSupply = 800000000000000000000000;\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n uint256 public basePercent = 100;\n\n constructor() public payable ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_tmstmp8 () 
public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function findfourPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 fourPercent = roundValue.mul(basePercent).div(2500);\n return fourPercent;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n\n uint256 tokensToBurn = findfourPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n _balances[to] = _balances[to].add(tokensToTransfer);\n\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n emit Transfer(msg.sender, to, 
tokensToTransfer);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n require(value <= _balances[from]);\n require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n\n uint256 tokensToBurn = findfourPercent(value);\n uint256 tokensToTransfer = value.sub(tokensToBurn);\n\n _balances[to] = _balances[to].add(tokensToTransfer);\n _totalSupply = _totalSupply.sub(tokensToBurn);\n\n _allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n\n emit Transfer(from, to, tokensToTransfer);\n emit Transfer(from, address(0), tokensToBurn);\n\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = 
msg.sender;}}\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "TTC.sol",
+ "label": "time_manipulation",
+ "code": "/*\n * @source: https://github.com/DependableSystemsLab/SolidiFI-benchmark/blob/master/buggy_contracts/Timestamp-Dependency/buggy_10.sol\n * @author: -\n * @vulnerable_at_lines: 31,58\n */\n\n\npragma solidity
^0.5.0;\n\ncontract Ownable {\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\nuint256 bugv_tmstmp5 = block.timestamp;\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor () public {\n owner = msg.sender;\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n // TIME_MANIPULATION\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n // TIME_MANIPULATION\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n}\n\ncontract TokenERC20 {\n // Public variables of the token\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n string public name;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint8 public 
decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint256 public totalSupply;\n\n // This creates an array with all balances\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => uint256) public balanceOf;\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp1 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp2 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n uint256 bugv_tmstmp3 = block.timestamp;\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n 
pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value > balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` in behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= 
allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens in your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n /**\n * Set allowance for other address and notify\n \n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to 
burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract TTC is Ownable, TokenERC20 {\n\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n uint256 public sellPrice;\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n uint256 public buyPrice;\n\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => bool) public frozenAccount;\n\n /* This generates a public event on the blockchain that will notify clients */\n uint256 bugv_tmstmp4 = block.timestamp;\n event FrozenFunds(address target, bool frozen);\n\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor(\n uint256 
initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {}\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /* Internal transfer, only can be called by this contract */\n function _transfer(address _from, address _to, uint _value) internal {\n require (_to != address(0x0)); // Prevent transfer to 0x0 address. Use burn() instead\n require (balanceOf[_from] >= _value); // Check if the sender has enough\n require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows\n require(!frozenAccount[_from]); // Check if sender is frozen\n require(!frozenAccount[_to]); // Check if recipient is frozen\n balanceOf[_from] -= _value; // Subtract from the sender\n balanceOf[_to] += _value; // Add the same to the recipient\n emit Transfer(_from, _to, _value);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /// @notice Create `mintedAmount` tokens and send it to `target`\n /// @param target Address to receive the tokens\n /// @param mintedAmount the amount of tokens it will receive\n function mintToken(address target, uint256 mintedAmount) onlyOwner public {\n balanceOf[target] += mintedAmount;\n totalSupply += mintedAmount;\n emit Transfer(address(0), address(this), mintedAmount);\n emit Transfer(address(this), target, mintedAmount);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != 
pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens\n /// @param target Address to be frozen\n /// @param freeze either to freeze it or not\n function freezeAccount(address target, bool freeze) onlyOwner public {\n frozenAccount[target] = freeze;\n emit FrozenFunds(target, freeze);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth\n /// @param newSellPrice Price the users can sell to the contract\n /// @param newBuyPrice Price users can buy from the contract\n function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public {\n sellPrice = newSellPrice;\n buyPrice = newBuyPrice;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /// @notice Buy tokens from contract by sending ether\n function buy() payable public {\n uint amount = msg.value / buyPrice; // calculates the amount\n _transfer(address(this), msg.sender, amount); // makes the transfers\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /// @notice Sell `amount` tokens to contract\n /// @param amount amount of tokens to be sold\n function sell(uint256 amount) public {\n address myAddress = address(this);\n require(myAddress.balance >= amount * sellPrice); // checks if the contract has enough ether to buy\n _transfer(msg.sender, address(this), amount); // makes the transfers\n msg.sender.transfer(amount * sellPrice); // sends ether 
to the seller. It's important to do this last to avoid recursion attacks\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}"
+ },
+ {
+ "contract": "buggy_24.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\n// File: contracts/zeppelin/SafeMath.sol\n\npragma solidity ^0.5.4;\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n return sub(a, b, \"SafeMath: subtraction overflow\");\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting with custom message on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n *\n * NOTE: This is a 
feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function sub(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b <= a, errorMessage);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n return div(a, b, \"SafeMath: division by zero\");\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts with custom message on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. 
Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n\n * NOTE: This is a feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function div(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, errorMessage);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n return mod(a, b, \"SafeMath: modulo by zero\");\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts with custom message when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. 
This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n *\n * NOTE: This is a feature of the next version of OpenZeppelin Contracts.\n * @dev Get it via `npm install @openzeppelin/contracts@next`.\n */\n function mod(uint256 a, uint256 b, string memory errorMessage) internal pure returns (uint256) {\n require(b != 0, errorMessage);\n return a % b;\n }\n}\n\n// File: contracts/App.sol\n\npragma solidity ^0.5.0;\n\n\n\ncontract FomoFeast {\n\n /**\n * MATH\n */\n\n using SafeMath for uint256;\n\n struct User {\n uint256 totalInvestCount;\n uint256 totalInvestAmount;\n uint256 totalStaticCommissionWithdrawAmount;\n uint256 totalDynamicCommissionWithdrawAmount;\n uint256 totalWithdrawAmount;\n uint256 downlineCount;\n uint256 nodeCount;\n uint256 totalDownlineInvestAmount;\n uint256 currentInvestTime;\n uint256 currentInvestAmount;\n uint256 currentInvestCycle;\n uint256 currentlevel;\n uint256 currentStaticCommissionRatio;\n uint256 currentStaticCommissionWithdrawAmount;\n uint256 staticCommissionBalance;\n uint256 dynamicCommissionBalance;\n uint256 calcDynamicCommissionAmount;\n address sponsorAddress;\n }\n\n struct InvestRecord {\n uint256 time;\n uint256 amount;\n uint256 cycle;\n }\n\n struct CommissionRecord {\n uint256 time;\n uint256 amount;\n }\n\n /**\n * DATA\n */\n\n uint256 private constant ONE_ETH = 1 ether;\n uint256 private constant ONE_DAY = 1 days;\n address private constant GENESIS_USER_ADDRESS = 0xe00d13D53Ba180EAD5F4838BD56b15629026A8C9;\n address private constant ENGINEER_ADDRESS = 0xddf0bB01f81059CCdB3D5bF5b1C7Bd540aDDFEac;\n\n // INITIALIZATION DATA\n bool private initialized = false;\n\n // OWNER DATA\n address winner_tmstmp18;\nfunction play_tmstmp18(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp18 = msg.sender;}}\n address public 
owner;\n\n function bug_tmstmp29() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public totalInvestCount;\n address winner_tmstmp6;\nfunction play_tmstmp6(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp6 = msg.sender;}}\n uint256 public totalInvestAmount;\n function bug_tmstmp16 () public payable {\n\tuint pastBlockTime_tmstmp16; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp16); // only 1 transaction per block //bug\n pastBlockTime_tmstmp16 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public totalStaticCommissionWithdrawAmount;\n function bug_tmstmp24 () public payable {\n\tuint pastBlockTime_tmstmp24; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp24); // only 1 transaction per block //bug\n pastBlockTime_tmstmp24 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public totalDynamicCommissionWithdrawAmount;\n function bug_tmstmp5() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public totalWithdrawAmount;\n address winner_tmstmp15;\nfunction play_tmstmp15(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp15 = msg.sender;}}\n uint256 public totalUserCount;\n function bug_tmstmp28 () public payable {\n\tuint pastBlockTime_tmstmp28; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp28); // only 1 transaction per block //bug\n pastBlockTime_tmstmp28 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public engineerFunds;\n address 
winner_tmstmp34;\nfunction play_tmstmp34(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp34 = msg.sender;}}\n uint256 public engineerWithdrawAmount;\n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public operatorFunds;\n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n uint256 public operatorWithdrawAmount;\n\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n mapping (address => User) private userMapping;\n function bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (uint256 => address) private addressMapping;\n address winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n mapping (address => InvestRecord[9]) private investRecordMapping;\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => CommissionRecord[9]) private staticCommissionRecordMapping;\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n mapping (address => CommissionRecord[9]) private dynamicCommissionRecordMapping;\n\n /**\n * FUNCTIONALITY\n */\n\n // INITIALIZATION FUNCTIONALITY\n\n /**\n * @dev sets 0 initials tokens, the owner, and the 
supplyController.\n * this serves as the constructor for the proxy but compiles to the\n * memory model of the Implementation contract.\n */\n function initialize() public {\n require(!initialized, \"already initialized\");\n owner = msg.sender;\n userMapping[GENESIS_USER_ADDRESS] = User(1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, address(0));\n initialized = true;\n }\nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * The constructor is used here to ensure that the implementation\n * contract is initialized. An uncontrolled implementation\n * contract might lead to misleading state\n * for users who accidentally interact with it.\n */\n constructor() public {\n initialize();\n }\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n // OWNER FUNCTIONALITY\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner, \"onlyOwner\");\n _;\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n\n modifier onlyEngineer() {\n require(msg.sender == ENGINEER_ADDRESS, \"onlyEngineer\");\n _;\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0), \"cannot transfer ownership to address zero\");\n owner = newOwner;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n\n function getLevelByInvestAmount(uint256 investAmount) private pure returns (uint256 level) {\n if (investAmount >= ONE_ETH.mul(11)) {\n level = 3;\n } else if (investAmount >= ONE_ETH.mul(6)) {\n level = 2;\n } else {\n level = 1;\n }\n }\nfunction 
bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function isInvestExpired(User memory user) private view returns (bool expired) {\n expired = (user.currentInvestTime.add(user.currentInvestCycle.mul(ONE_DAY)) < now);\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function getAbortInvestAmount(User memory user) private view returns (uint256 amount) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n require(commissionDays >= 3, \"Invest time must >= 3days\");\n uint256 lossRatio = 15;\n if (commissionDays >= 60) {\n lossRatio = 5;\n } else if (commissionDays >= 30) {\n lossRatio = 10;\n }\n amount = user.currentInvestAmount;\n amount = amount.sub(user.currentInvestAmount.mul(lossRatio).div(100));\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n function getStaticCommissionRatio(uint256 level, uint256 investCycle) private pure returns (uint256 ratio) {\n if (level == 1) {\n if (investCycle == 30) {\n ratio = 7;\n } else if(investCycle == 60) {\n ratio = 8;\n } else {\n ratio = 9;\n }\n } else if (level == 2) {\n if (investCycle == 30) {\n ratio = 8;\n } else if(investCycle == 60) {\n ratio = 9;\n } else {\n ratio = 10;\n }\n } else {\n if (investCycle == 30) {\n ratio = 11;\n } else if(investCycle == 60) {\n ratio = 12;\n } else {\n ratio = 13;\n }\n }\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function getDynamicCommissionRatio(User memory user, uint256 depth) private pure returns (uint256 ratio) {\n if (user.currentlevel == 1) {\n if (depth == 1) {\n ratio = 50;\n } else {\n ratio = 0;\n }\n } else if (user.currentlevel == 2) {\n if (depth == 1) {\n ratio = 70;\n } 
else if (depth == 2) {\n ratio = 50;\n } else {\n ratio = 0;\n }\n } else {\n if (depth == 1) {\n ratio = 100;\n } else if (depth == 2) {\n ratio = 70;\n } else if (depth == 3) {\n ratio = 50;\n } else if (depth >= 4 && depth <= 10) {\n ratio = 10;\n } else if (depth >= 11 && depth <= 20) {\n ratio = 5;\n } else {\n ratio = 1;\n }\n }\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function getAvaliableStaticCommissionAmount(User memory user) private view returns (uint256 amount) {\n if (user.currentInvestAmount == 0) {\n amount = 0;\n } else {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays > user.currentInvestCycle) {\n commissionDays = user.currentInvestCycle;\n }\n amount = user.currentInvestAmount.mul(user.currentStaticCommissionRatio).mul(commissionDays);\n amount = amount.div(1000);\n amount = amount.sub(user.currentStaticCommissionWithdrawAmount);\n }\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function addInvestRecord(address userAddress, uint256 time, uint256 amount, uint256 cycle) private {\n InvestRecord[9] storage records = investRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n InvestRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = InvestRecord(time, amount, cycle);\n }\naddress 
winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n function addStaticCommissionRecord(address userAddress, uint256 time, uint256 amount) private {\n CommissionRecord[9] storage records = staticCommissionRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n CommissionRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = CommissionRecord(time, amount);\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function addDynamicCommissionRecord(address userAddress, uint256 time, uint256 amount) private {\n CommissionRecord[9] storage records = dynamicCommissionRecordMapping[userAddress];\n for (uint256 i = 8; i > 0; --i) {\n CommissionRecord memory prevRecord = records[i - 1];\n records[i] = prevRecord;\n }\n records[0] = CommissionRecord(time, amount);\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n function invest(address sponsorAddress, uint256 investCycle) external payable {\n User storage sponsor = userMapping[sponsorAddress];\n require(sponsor.totalInvestCount > 0, \"Invalid sponsor address\");\n require(investCycle == 30 || investCycle == 60 || investCycle == 90, \"Invalid invest cycle\");\n uint256 investAmount = msg.value.div(ONE_ETH);\n investAmount = investAmount.mul(ONE_ETH);\n require(investAmount == msg.value, \"Invest amount is not integer\");\n require(investAmount >= ONE_ETH.mul(1) && investAmount <= ONE_ETH.mul(15), \"Invalid invest 
amount\");\n\n User memory user = userMapping[msg.sender];\n uint256 level = getLevelByInvestAmount(investAmount);\n if (user.totalInvestCount > 0) {\n require(user.sponsorAddress == sponsorAddress, \"sponsor address is inconsistent\");\n require(user.currentInvestAmount == 0, \"Dumplicate invest\");\n require(user.currentInvestTime == 0, \"Invalid state\");\n require(user.currentInvestCycle == 0, \"Invalid state\");\n require(user.currentlevel == 0, \"Invalid state\");\n require(user.currentStaticCommissionRatio == 0, \"Invalid state\");\n require(user.currentStaticCommissionWithdrawAmount == 0, \"Invalid state\");\n user.totalInvestCount = user.totalInvestCount.add(1);\n user.totalInvestAmount = user.totalInvestAmount.add(investAmount);\n user.currentInvestTime = now;\n user.currentInvestAmount = investAmount;\n user.currentInvestCycle = investCycle;\n user.currentlevel = level;\n user.currentStaticCommissionRatio = getStaticCommissionRatio(level, investCycle);\n userMapping[msg.sender] = user;\n address addressWalker = sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n sponsor = userMapping[addressWalker];\n sponsor.totalDownlineInvestAmount = sponsor.totalDownlineInvestAmount.add(investAmount);\n addressWalker = sponsor.sponsorAddress;\n }\n } else {\n userMapping[msg.sender] = User(1, investAmount, 0, 0, 0, 1, 0, investAmount,\n now, investAmount, investCycle, level,\n getStaticCommissionRatio(level, investCycle),\n 0, 0, 0, 0, sponsorAddress);\n addressMapping[totalUserCount] = msg.sender;\n totalUserCount = totalUserCount.add(1);\n address addressWalker = sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n sponsor = userMapping[addressWalker];\n sponsor.downlineCount = sponsor.downlineCount.add(1);\n if (addressWalker == sponsorAddress) {\n sponsor.nodeCount = sponsor.nodeCount.add(1);\n }\n sponsor.totalDownlineInvestAmount = sponsor.totalDownlineInvestAmount.add(investAmount);\n addressWalker = sponsor.sponsorAddress;\n }\n 
}\n\n addInvestRecord(msg.sender, now, investAmount, investCycle);\n totalInvestCount = totalInvestCount.add(1);\n totalInvestAmount = totalInvestAmount.add(investAmount);\n engineerFunds = engineerFunds.add(investAmount.div(50));\n operatorFunds = operatorFunds.add(investAmount.mul(3).div(100));\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function userWithdraw() external {\n User storage user = userMapping[msg.sender];\n if (user.currentInvestAmount > 0) {\n uint256 avaliableIA = user.currentInvestAmount;\n if (!isInvestExpired(user)) {\n avaliableIA = getAbortInvestAmount(user);\n }\n uint256 avaliableSCA = getAvaliableStaticCommissionAmount(user);\n user.staticCommissionBalance = user.staticCommissionBalance.add(avaliableSCA);\n user.currentInvestTime = 0;\n user.currentInvestAmount = 0;\n user.currentInvestCycle = 0;\n user.currentlevel = 0;\n user.currentStaticCommissionRatio = 0;\n user.currentStaticCommissionWithdrawAmount = 0;\n user.totalWithdrawAmount = user.totalWithdrawAmount.add(avaliableIA);\n totalWithdrawAmount = totalWithdrawAmount.add(avaliableIA);\n msg.sender.transfer(avaliableIA);\n }\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function userWithdrawCommission() external {\n User storage user = userMapping[msg.sender];\n uint256 avaliableDCB = user.dynamicCommissionBalance;\n uint256 avaliableSCA = getAvaliableStaticCommissionAmount(user);\n uint256 avaliableSCB = user.staticCommissionBalance.add(avaliableSCA);\n uint256 avaliableWithdrawAmount = avaliableDCB.add(avaliableSCB);\n if (avaliableWithdrawAmount >= ONE_ETH.div(10)) {\n user.staticCommissionBalance = 0;\n user.dynamicCommissionBalance = 0;\n user.currentStaticCommissionWithdrawAmount = 
user.currentStaticCommissionWithdrawAmount.add(avaliableSCA);\n user.totalStaticCommissionWithdrawAmount = user.totalStaticCommissionWithdrawAmount.add(avaliableSCB);\n user.totalDynamicCommissionWithdrawAmount = user.totalDynamicCommissionWithdrawAmount.add(avaliableDCB);\n user.totalWithdrawAmount = user.totalWithdrawAmount.add(avaliableWithdrawAmount);\n totalStaticCommissionWithdrawAmount = totalStaticCommissionWithdrawAmount.add(avaliableSCB);\n totalDynamicCommissionWithdrawAmount = totalDynamicCommissionWithdrawAmount.add(avaliableDCB);\n totalWithdrawAmount = totalWithdrawAmount.add(avaliableWithdrawAmount);\n if (avaliableSCB > 0) {\n addStaticCommissionRecord(msg.sender, now, avaliableSCB);\n }\n msg.sender.transfer(avaliableWithdrawAmount);\n }\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function engineerWithdraw() external onlyEngineer {\n uint256 avaliableAmount = engineerFunds;\n if (avaliableAmount > 0) {\n engineerFunds = 0;\n engineerWithdrawAmount = engineerWithdrawAmount.add(avaliableAmount);\n msg.sender.transfer(avaliableAmount);\n }\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function operatorWithdraw() external onlyOwner {\n uint256 avaliableAmount = operatorFunds;\n if (avaliableAmount > 0) {\n operatorFunds = 0;\n operatorWithdrawAmount = operatorWithdrawAmount.add(avaliableAmount);\n msg.sender.transfer(avaliableAmount);\n }\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == 
_vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function getSummary() public view returns (uint256[11] memory) {\n return ([address(this).balance, totalInvestCount, totalInvestAmount,\n totalStaticCommissionWithdrawAmount,\n totalDynamicCommissionWithdrawAmount,\n totalWithdrawAmount,\n totalUserCount,\n engineerFunds, engineerWithdrawAmount,\n operatorFunds, operatorWithdrawAmount]);\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function getUserByAddress(address userAddress) public view returns(uint256[16] memory,\n address) {\n User memory user = userMapping[userAddress];\n return ([user.totalInvestCount, user.totalInvestAmount,\n user.totalStaticCommissionWithdrawAmount,\n user.totalDynamicCommissionWithdrawAmount,\n user.totalWithdrawAmount,\n user.downlineCount, user.nodeCount,\n user.totalDownlineInvestAmount,\n user.currentInvestTime, user.currentInvestAmount,\n user.currentInvestCycle, user.currentlevel,\n user.currentStaticCommissionRatio,\n user.staticCommissionBalance.add(getAvaliableStaticCommissionAmount(user)),\n user.dynamicCommissionBalance,\n user.calcDynamicCommissionAmount],\n user.sponsorAddress);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function getUserByIndex(uint256 index) external view onlyOwner returns(uint256[16] memory,\n address) {\n return getUserByAddress(addressMapping[index]);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to 
play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function getInvestRecords(address userAddress) external view returns(uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory,\n uint256[3] memory) {\n InvestRecord[9] memory records = investRecordMapping[userAddress];\n return ([records[0].time, records[0].amount, records[0].cycle],\n [records[1].time, records[1].amount, records[1].cycle],\n [records[2].time, records[2].amount, records[2].cycle],\n [records[3].time, records[3].amount, records[3].cycle],\n [records[4].time, records[4].amount, records[4].cycle],\n [records[5].time, records[5].amount, records[5].cycle],\n [records[6].time, records[6].amount, records[6].cycle],\n [records[7].time, records[7].amount, records[7].cycle],\n [records[8].time, records[8].amount, records[8].cycle]);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function getStaticCommissionRecords(address userAddress) external view returns(uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory) {\n CommissionRecord[9] memory records = staticCommissionRecordMapping[userAddress];\n return ([records[0].time, records[0].amount],\n [records[1].time, records[1].amount],\n [records[2].time, records[2].amount],\n [records[3].time, records[3].amount],\n [records[4].time, records[4].amount],\n [records[5].time, records[5].amount],\n [records[6].time, records[6].amount],\n [records[7].time, records[7].amount],\n [records[8].time, records[8].amount]);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = 
block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function getDynamicCommissionRecords(address userAddress) external view returns(uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory,\n uint256[2] memory) {\n CommissionRecord[9] memory records = dynamicCommissionRecordMapping[userAddress];\n return ([records[0].time, records[0].amount],\n [records[1].time, records[1].amount],\n [records[2].time, records[2].amount],\n [records[3].time, records[3].amount],\n [records[4].time, records[4].amount],\n [records[5].time, records[5].amount],\n [records[6].time, records[6].amount],\n [records[7].time, records[7].amount],\n [records[8].time, records[8].amount]);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function calcDynamicCommission() external onlyOwner {\n for (uint256 i = 0; i < totalUserCount; ++i) {\n User storage user = userMapping[addressMapping[i]];\n user.calcDynamicCommissionAmount = 0;\n }\n\n for (uint256 i = 0; i < totalUserCount; ++i) {\n User memory user = userMapping[addressMapping[i]];\n if (user.currentInvestAmount > 0) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays >= 1 && commissionDays <= user.currentInvestCycle) {\n uint256 depth = 1;\n address addressWalker = user.sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n User storage sponsor = userMapping[addressWalker];\n if (sponsor.currentInvestAmount > 0) {\n uint256 dynamicCommissionRatio = getDynamicCommissionRatio(sponsor, depth);\n if (dynamicCommissionRatio > 0) {\n uint256 dynamicCA = sponsor.currentInvestAmount;\n if (dynamicCA > user.currentInvestAmount) {\n dynamicCA = user.currentInvestAmount;\n }\n dynamicCA = 
dynamicCA.mul(user.currentStaticCommissionRatio);\n dynamicCA = dynamicCA.mul(dynamicCommissionRatio);\n if (sponsor.currentlevel == 1) {\n dynamicCA = dynamicCA.mul(3).div(1000 * 100 * 10);\n } else if (sponsor.currentlevel == 2) {\n dynamicCA = dynamicCA.mul(6).div(1000 * 100 * 10);\n } else {\n dynamicCA = dynamicCA.div(1000 * 100);\n }\n sponsor.calcDynamicCommissionAmount = sponsor.calcDynamicCommissionAmount.add(dynamicCA);\n }\n }\n addressWalker = sponsor.sponsorAddress;\n depth = depth.add(1);\n }\n }\n }\n }\n\n for (uint256 i = 0; i < totalUserCount; ++i) {\n address userAddress = addressMapping[i];\n User storage user = userMapping[userAddress];\n if (user.calcDynamicCommissionAmount > 0) {\n user.dynamicCommissionBalance = user.dynamicCommissionBalance.add(user.calcDynamicCommissionAmount);\n addDynamicCommissionRecord(userAddress, now, user.calcDynamicCommissionAmount);\n }\n }\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function calcDynamicCommissionBegin(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n User storage user = userMapping[addressMapping[i]];\n user.calcDynamicCommissionAmount = 0;\n }\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n function calcDynamicCommissionRange(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n User memory user = userMapping[addressMapping[i]];\n if (user.currentInvestAmount > 0) {\n uint256 commissionDays = now.sub(user.currentInvestTime).div(ONE_DAY);\n if (commissionDays >= 1 && commissionDays <= user.currentInvestCycle) {\n uint256 depth = 1;\n address addressWalker = user.sponsorAddress;\n while (addressWalker != GENESIS_USER_ADDRESS) {\n User storage sponsor = userMapping[addressWalker];\n if (sponsor.currentInvestAmount > 0) {\n uint256 dynamicCommissionRatio = getDynamicCommissionRatio(sponsor, depth);\n if 
(dynamicCommissionRatio > 0) {\n uint256 dynamicCA = sponsor.currentInvestAmount;\n if (dynamicCA > user.currentInvestAmount) {\n dynamicCA = user.currentInvestAmount;\n }\n dynamicCA = dynamicCA.mul(user.currentStaticCommissionRatio);\n dynamicCA = dynamicCA.mul(dynamicCommissionRatio);\n if (sponsor.currentlevel == 1) {\n dynamicCA = dynamicCA.mul(3).div(1000 * 100 * 10);\n } else if (sponsor.currentlevel == 2) {\n dynamicCA = dynamicCA.mul(6).div(1000 * 100 * 10);\n } else {\n dynamicCA = dynamicCA.div(1000 * 100);\n }\n sponsor.calcDynamicCommissionAmount = sponsor.calcDynamicCommissionAmount.add(dynamicCA);\n }\n }\n addressWalker = sponsor.sponsorAddress;\n depth = depth.add(1);\n }\n }\n }\n }\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function calcDynamicCommissionEnd(uint256 index, uint256 length) external onlyOwner {\n for (uint256 i = index; i < (index + length); ++i) {\n address userAddress = addressMapping[i];\n User storage user = userMapping[userAddress];\n if (user.calcDynamicCommissionAmount > 0) {\n user.dynamicCommissionBalance = user.dynamicCommissionBalance.add(user.calcDynamicCommissionAmount);\n addDynamicCommissionRecord(userAddress, now, user.calcDynamicCommissionAmount);\n }\n }\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_2.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\ncontract CareerOnToken {\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed a_owner, address indexed _spender, uint256 _value);\n uint256 bugv_tmstmp4 = block.timestamp;\n event OwnerChang(address indexed _old,address indexed _new,uint256 _coin_change);\n \n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == 
block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n uint256 public totalSupply; \n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public name; //\u540d\u79f0\uff0c\u4f8b\u5982\"My test token\"\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n uint8 public decimals; //\u8fd4\u56detoken\u4f7f\u7528\u7684\u5c0f\u6570\u70b9\u540e\u51e0\u4f4d\u3002\u6bd4\u5982\u5982\u679c\u8bbe\u7f6e\u4e3a3\uff0c\u5c31\u662f\u652f\u63010.001\u8868\u793a.\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n string public symbol; //token\u7b80\u79f0,like MTT\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n address public owner;\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n mapping (address => uint256) public balances;\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => mapping (address => uint256)) public 
allowed;\n \n\t//\u5982\u679c\u901a\u8fc7\u51fd\u6570setPauseStatus\u8bbe\u7f6e\u8fd9\u4e2a\u53d8\u91cf\u4e3aTRUE\uff0c\u5219\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\u90fd\u4f1a\u5931\u8d25\n address winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n bool isTransPaused=false;\n \n constructor(\n uint256 _initialAmount,\n uint8 _decimalUnits) public \n {\n owner=msg.sender;//\u8bb0\u5f55\u5408\u7ea6\u7684owner\n\t\tif(_initialAmount<=0){\n\t\t totalSupply = 100000000000000000; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=totalSupply;\n\t\t}else{\n\t\t totalSupply = _initialAmount; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=_initialAmount;\n\t\t}\n\t\tif(_decimalUnits<=0){\n\t\t decimals=2;\n\t\t}else{\n\t\t decimals = _decimalUnits;\n\t\t}\n name = \"CareerOn Chain Token\"; \n symbol = \"COT\";\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n \n function transfer(\n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to]\n );\n \n balances[msg.sender] -= _value;//\u4ece\u6d88\u606f\u53d1\u9001\u8005\u8d26\u6237\u4e2d\u51cf\u53bbtoken\u6570\u91cf_value\n balances[_to] += _value;//\u5f80\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n\t\tif(msg.sender==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(msg.sender, _to, 
_value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n\n function transferFrom(\n address _from, \n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to] &&\n allowed[_from][msg.sender] >= _value\n );\n \n balances[_to] += _value;//\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n balances[_from] -= _value; //\u652f\u51fa\u8d26\u6237_from\u51cf\u53bbtoken\u6570\u91cf_value\n allowed[_from][msg.sender] -= _value;//\u6d88\u606f\u53d1\u9001\u8005\u53ef\u4ee5\u4ece\u8d26\u6237_from\u4e2d\u8f6c\u51fa\u7684\u6570\u91cf\u51cf\u5c11_value\n if(_from==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(_from, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function approve(address _spender, uint256 _value) public returns (bool success) \n { \n assert(msg.sender!=_spender && _value>0);\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function allowance(\n address _owner, \n address _spender) public view returns (uint256 remaining) \n {\n 
return allowed[_owner][_spender];//\u5141\u8bb8_spender\u4ece_owner\u4e2d\u8f6c\u51fa\u7684token\u6570\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\t\n\t//\u4ee5\u4e0b\u4e3a\u672c\u4ee3\u5e01\u534f\u8bae\u7684\u7279\u6b8a\u903b\u8f91\n\t//\u8f6c\u79fb\u534f\u8bae\u6240\u6709\u6743\u5e76\u5c06\u9644\u5e26\u7684\u4ee3\u5e01\u4e00\u5e76\u8f6c\u79fb\u8fc7\u53bb\n\tfunction changeOwner(address newOwner) public{\n assert(msg.sender==owner && msg.sender!=newOwner);\n balances[newOwner]=balances[owner];\n balances[owner]=0;\n owner=newOwner;\n emit OwnerChang(msg.sender,newOwner,balances[owner]);//\u89e6\u53d1\u5408\u7ea6\u6240\u6709\u6743\u7684\u8f6c\u79fb\u4e8b\u4ef6\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n\t//isPaused\u4e3atrue\u5219\u6682\u505c\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\n function setPauseStatus(bool isPaused)public{\n assert(msg.sender==owner);\n isTransPaused=isPaused;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n\t//\u4fee\u6539\u5408\u7ea6\u540d\u5b57\n function changeContractName(string memory _newName,string memory _newSymbol) public {\n assert(msg.sender==owner);\n name=_newName;\n symbol=_newSymbol;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n \n \n function () external payable {\n revert();\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_19.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-28\n*/\n\npragma solidity ^0.5.1;\n\n/**\n * @title SafeMath\n * @dev Math operations with safety checks that throw on error\n */\nlibrary SafeMath {\n\n /**\n * @dev Multiplies two numbers, throws on 
overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n /**\n * @dev Integer division of two numbers, truncating the quotient.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n /**\n * @dev Substracts two numbers, throws on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n /**\n * @dev Adds two numbers, throws on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n}\n\n/**\n * @title owned\n * @dev The owned contract has an owner address, and provides basic authorization\n * control functions, this simplifies the implementation of \"user permissions\".\n */\ncontract owned {\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n /**\n * @dev The owned constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor() public {\n owner = msg.sender;\n }\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n */\n function transferOwnership(address newOwner) onlyOwner public {\n require(newOwner != address(0));\n owner = newOwner;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n}\n\ncontract ethBank is owned{\n 
\n function () payable external {}\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function withdrawForUser(address payable _address,uint amount) onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\");\n _address.transfer(amount);\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function moveBrick(uint amount) onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(amount);\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n \n /**\n * @dev withdraws Contracts balance.\n * -functionhash- 0x7ee20df8\n */\n function moveBrickContracts() onlyOwner public\n {\n // only team just can withdraw Contracts\n require(msg.sender == owner, \"only owner can use this method\"); \n \n msg.sender.transfer(address(this).balance);\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n // either settled or refunded. 
All funds are transferred to contract owner.\n function moveBrickClear() onlyOwner public {\n // only team just can destruct\n require(msg.sender == owner, \"only owner can use this method\"); \n\n selfdestruct(msg.sender);\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n \n \n ////////////////////////////////////////////////////////////////////\n \n function joinFlexible() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function joinFixed() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n function staticBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = 
now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function activeBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n function teamAddBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n function staticBonusCacl() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n function activeBonusCacl_1() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n function activeBonusCacl_2() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n 
msg.sender.transfer(address(this).balance);\n }\n }\n function activeBonusCacl_3() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n function activeBonusCacl_4() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function activeBonusCacl_5() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n function activeBonusCacl_6() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function activeBonusCacl_7() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n 
msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function activeBonusCacl_8() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n function activeBonusCacl_9() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n function teamAddBonusCacl() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function caclTeamPerformance() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nuint256 bugv_tmstmp5 = block.timestamp;\n function releaStaticBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nuint256 bugv_tmstmp1 = block.timestamp;\n function releaActiveBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nuint256 bugv_tmstmp2 = block.timestamp;\n function releaTeamAddBonus() onlyOwner public{\n require(msg.sender == owner, \"only owner can use this method\"); \n msg.sender.transfer(address(this).balance);\n \n }\nuint256 bugv_tmstmp3 = block.timestamp;\n}\n" + }, + 
{
+ "contract": "buggy_1.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\ncontract EIP20Interface {\n /* This is a slight change to the ERC20 base standard.\n function totalSupply() constant returns (uint256 supply);\n is replaced with:\n uint256 public totalSupply;\n This automatically creates a getter function for the totalSupply.\n This is moved to the base contract since public getter functions are not\n currently recognised as an implementation of the matching abstract\n function by the compiler.\n */\n /// total amount of tokens\n uint256 public totalSupply;\n\n /// @param _owner The address from which the balance will be retrieved\n /// @return The balance\n function balanceOf(address _owner) public view returns (uint256 balance);\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n /// @notice send `_value` token to `_to` from `msg.sender`\n /// @param _to The address of the recipient\n /// @param _value The amount of token to be transferred\n /// @return Whether the transfer was successful or not\n function transfer(address _to, uint256 _value) public returns (bool success);\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from`\n /// @param _from The address of the sender\n /// @param _to The address of the recipient\n /// @param _value The amount of token to be transferred\n /// 
@return Whether the transfer was successful or not\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /// @notice `msg.sender` approves `_spender` to spend `_value` tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @param _value The amount of tokens to be approved for transfer\n /// @return Whether the approval was successful or not\n function approve(address _spender, uint256 _value) public returns (bool success);\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /// @param _owner The address of the account owning tokens\n /// @param _spender The address of the account able to transfer the tokens\n /// @return Amount of remaining tokens allowed to spent\n function allowance(address _owner, address _spender) public view returns (uint256 remaining);\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n // solhint-disable-next-line no-simple-event-func-name\n uint256 bugv_tmstmp3 = block.timestamp;\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n uint256 bugv_tmstmp4 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\ncontract HotDollarsToken is EIP20Interface {\n uint256 constant private MAX_UINT256 = 2**256 - 1;\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif 
(startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n mapping (address => uint256) public balances;\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n mapping (address => mapping (address => uint256)) public allowed;\n /*\n NOTE:\n The following variables are OPTIONAL vanities. One does not have to include them.\n They allow one to customise the token contract & in no way influences the core functionality.\n Some wallets/interfaces might not even bother to look at this information.\n */\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n string public name; //fancy name: eg Simon Bucks\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n uint8 public decimals; //How many decimals to show.\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public symbol; //An identifier: eg SBX\n\n constructor() public {\n totalSupply = 3 * 1e28; \n name = \"HotDollars Token\"; \n decimals = 18; \n symbol = \"HDS\";\n balances[msg.sender] = totalSupply; \n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function transfer(address _to, uint256 _value) public returns (bool success) {\n require(balances[msg.sender] >= 
_value);\n balances[msg.sender] -= _value;\n balances[_to] += _value;\n emit Transfer(msg.sender, _to, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n uint256 allowance = allowed[_from][msg.sender];\n require(balances[_from] >= _value && allowance >= _value);\n balances[_to] += _value;\n balances[_from] -= _value;\n if (allowance < MAX_UINT256) {\n allowed[_from][msg.sender] -= _value;\n }\n emit Transfer(_from, _to, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function balanceOf(address _owner) public view returns (uint256 balance) {\n return balances[_owner];\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value); //solhint-disable-line indent, no-unused-vars\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function allowance(address _owner, address _spender) public view returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_8.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity >=0.4.22 <0.6.0;\n\ncontract Ownable {\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\nuint256 bugv_tmstmp5 = block.timestamp;\n event OwnershipTransferred(address indexed previousOwner, address 
indexed newOwner);\n\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor () public {\n owner = msg.sender;\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n}\n\ncontract TokenERC20 {\n // Public variables of the token\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n string public name;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint256 public totalSupply;\n\n // 
This creates an array with all balances\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => uint256) public balanceOf;\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp1 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp2 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n uint256 bugv_tmstmp3 = block.timestamp;\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. 
Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value > balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` in behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n 
/**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens in your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n /**\n * Set allowance for other address and notify\n \n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n 
allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract YFT is Ownable, TokenERC20 {\n\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n uint256 public sellPrice;\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n uint256 public buyPrice;\n\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => bool) public frozenAccount;\n\n /* This generates a public event on the blockchain that will notify clients */\n uint256 bugv_tmstmp4 = block.timestamp;\n event FrozenFunds(address target, bool frozen);\n\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {}\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != 
pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /* Internal transfer, only can be called by this contract */\n function _transfer(address _from, address _to, uint _value) internal {\n require (_to != address(0x0)); // Prevent transfer to 0x0 address. Use burn() instead\n require (balanceOf[_from] >= _value); // Check if the sender has enough\n require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows\n require(!frozenAccount[_from]); // Check if sender is frozen\n require(!frozenAccount[_to]); // Check if recipient is frozen\n balanceOf[_from] -= _value; // Subtract from the sender\n balanceOf[_to] += _value; // Add the same to the recipient\n emit Transfer(_from, _to, _value);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /// @notice Create `mintedAmount` tokens and send it to `target`\n /// @param target Address to receive the tokens\n /// @param mintedAmount the amount of tokens it will receive\n function mintToken(address target, uint256 mintedAmount) onlyOwner public {\n balanceOf[target] += mintedAmount;\n totalSupply += mintedAmount;\n emit Transfer(address(0), address(this), mintedAmount);\n emit Transfer(address(this), target, mintedAmount);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /// @notice `freeze? 
Prevent | Allow` `target` from sending & receiving tokens\n /// @param target Address to be frozen\n /// @param freeze either to freeze it or not\n function freezeAccount(address target, bool freeze) onlyOwner public {\n frozenAccount[target] = freeze;\n emit FrozenFunds(target, freeze);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth\n /// @param newSellPrice Price the users can sell to the contract\n /// @param newBuyPrice Price users can buy from the contract\n function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public {\n sellPrice = newSellPrice;\n buyPrice = newBuyPrice;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /// @notice Buy tokens from contract by sending ether\n function buy() payable public {\n uint amount = msg.value / buyPrice; // calculates the amount\n _transfer(address(this), msg.sender, amount); // makes the transfers\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /// @notice Sell `amount` tokens to contract\n /// @param amount amount of tokens to be sold\n function sell(uint256 amount) public {\n address myAddress = address(this);\n require(myAddress.balance >= amount * sellPrice); // checks if the contract has enough ether to buy\n _transfer(msg.sender, address(this), amount); // makes the transfers\n msg.sender.transfer(amount * sellPrice); // sends ether to the seller. 
It's important to do this last to avoid recursion attacks\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}" + }, + { + "contract": "buggy_31.sol", + "label": "time_manipulation", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\n\npragma solidity ^0.5.11;\n\n\ninterface IERC20 {\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n}\n\ninterface Marmo {\n function signer() external view returns (address _signer);\n}\n\n/**\n * @dev Elliptic Curve Digital Signature Algorithm (ECDSA) operations.\n *\n * These functions can be used to verify that a message was signed by the holder\n * of the private keys of a given address.\n */\nlibrary ECDSA {\n /**\n * @dev Returns the address that signed a hashed message (`hash`) with\n * `signature`. This address can then be used for verification purposes.\n *\n * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:\n * this function rejects them by requiring the `s` value to be in the lower\n * half order, and the `v` value to be either 27 or 28.\n *\n * NOTE: This call _does not revert_ if the signature is invalid, or\n * if the signer is otherwise unable to be retrieved. In those scenarios,\n * the zero address is returned.\n *\n * IMPORTANT: `hash` _must_ be the result of a hash operation for the\n * verification to be secure: it is possible to craft signatures that\n * recover to arbitrary addresses for non-hashed data. 
A safe way to ensure\n * this is by receiving a hash of the original message (which may otherwise)\n * be too long), and then calling {toEthSignedMessageHash} on it.\n */\n function recover(bytes32 hash, bytes memory signature) internal pure returns (address) {\n // Check the signature length\n if (signature.length != 65) {\n return (address(0));\n }\n\n // Divide the signature in r, s and v variables\n bytes32 r;\n bytes32 s;\n uint8 v;\n\n // ecrecover takes the signature parameters, and the only way to get them\n // currently is to use assembly.\n // solhint-disable-next-line no-inline-assembly\n assembly {\n r := mload(add(signature, 0x20))\n s := mload(add(signature, 0x40))\n v := byte(0, mload(add(signature, 0x60)))\n }\n\n // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature\n // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines\n // the valid range for s in (281): 0 < s < secp256k1n \u00f7 2 + 1, and for v in (282): v \u2208 {27, 28}. Most\n // signatures from current libraries generate a unique signature with an s-value in the lower half order.\n //\n // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value\n // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or\n // vice versa. 
If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept\n // these malleable signatures as well.\n if (uint256(s) > 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0) {\n return address(0);\n }\n\n if (v != 27 && v != 28) {\n return address(0);\n }\n\n // If the signature is valid (and not malleable), return the signer address\n return ecrecover(hash, v, r, s);\n }\n\n}\n\n/**\n * @dev Contract module which provides a basic access control mechanism, where\n * there is an account (an owner) that can be granted exclusive access to\n * specific functions.\n *\n * This module is used through inheritance. It will make available the modifier\n * `onlyOwner`, which can be aplied to your functions to restrict their use to\n * the owner.\n */\ncontract Ownable {\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n address private _owner;\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n /**\n * @dev Initializes the contract setting the deployer as the initial owner.\n */\n constructor () internal {\n _owner = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n /**\n * @dev Returns the address of the current owner.\n */\n function owner() public view returns (address) {\n return _owner;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // 
winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(isOwner(), \"Ownable: caller is not the owner\");\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n /**\n * @dev Returns true if the caller is the current owner.\n */\n function isOwner() public view returns (bool) {\n return msg.sender == _owner;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n * Can only be called by the current owner.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n _transferOwnership(newOwner);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Transfers ownership of the contract to a new account (`newOwner`).\n */\n function _transferOwnership(address newOwner) internal {\n require(newOwner != address(0), \"Ownable: new owner is the zero address\");\n emit OwnershipTransferred(_owner, newOwner);\n _owner = newOwner;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\n/**\n * @dev Contract module that helps prevent reentrant calls to a function.\n *\n * Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier\n * available, which can be applied to functions to make sure there are no nested\n * (reentrant) calls to them.\n *\n * Note that because there is a single `nonReentrant` guard, functions marked 
as\n * `nonReentrant` may not call one another. This can be worked around by making\n * those functions `private`, and then adding `external` `nonReentrant` entry\n * points to them.\n */\ncontract ReentrancyGuard {\n // counter to allow mutex lock with only one SSTORE operation\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n uint256 private _guardCounter;\n\n constructor () internal {\n // The counter starts at one to prevent changing it from zero to a non-zero\n // value, which is a more expensive operation.\n _guardCounter = 1;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /**\n * @dev Prevents a contract from calling itself, directly or indirectly.\n * Calling a `nonReentrant` function from another `nonReentrant`\n * function is not supported. 
It is possible to prevent this from happening\n * by making the `nonReentrant` function external, and make it call a\n * `private` function that does the actual work.\n */\n modifier nonReentrant() {\n _guardCounter += 1;\n uint256 localCounter = _guardCounter;\n _;\n require(localCounter == _guardCounter, \"ReentrancyGuard: reentrant call\");\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n}\n\ncontract FeeTransactionManager is Ownable, ReentrancyGuard {\n \n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n IERC20 public token;\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address public relayer;\n \n uint256 bugv_tmstmp4 = block.timestamp;\n event NewRelayer(address _oldRelayer, address _newRelayer);\n \n constructor (address _tokenAddress, address _relayer) public {\n relayer = _relayer;\n token = IERC20(_tokenAddress);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n function execute(\n address _to, \n uint256 _value, \n uint256 _fee, \n bytes calldata _signature\n ) nonReentrant external {\n require(tx.origin == relayer, \"Invalid transaction origin\");\n Marmo marmo = Marmo(msg.sender);\n bytes32 hash = keccak256(\n abi.encodePacked(\n _to,\n _value,\n _fee\n )\n );\n require(marmo.signer() == ECDSA.recover(hash, _signature), \"Invalid signature\");\n require(token.transferFrom(msg.sender, _to, _value));\n require(token.transferFrom(msg.sender, relayer, _fee));\n }\nfunction 
bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function setRelayer(address _newRelayer) onlyOwner external {\n require(_newRelayer != address(0));\n emit NewRelayer(relayer, _newRelayer);\n relayer = _newRelayer;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n \n}\n" + }, + { + "contract": "buggy_12.sol", + "label": "time_manipulation", + "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.3;\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error\n */\nlibrary SafeMath {\n /**\n * @dev Multiplies two unsigned integers, reverts on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n /**\n * @dev Integer division of two unsigned integers truncating the quotient, reverts on division by zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0);\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n /**\n * @dev Divides two unsigned integers and returns the remainder (unsigned integer modulo),\n * reverts when dividing by zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n\n /**\n * @dev Returns the largest of two numbers.\n */\n function max(uint256 a, uint256 b) internal pure returns (uint256) {\n return a >= b ? a : b;\n }\n\n /**\n * @dev Returns the smallest of two numbers.\n */\n function min(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n /**\n * @dev Calculates the average of two numbers. Since these are integers,\n * averages of an even and odd number cannot be represented, and will be\n * rounded down.\n */\n function average(uint256 a, uint256 b) internal pure returns (uint256) {\n // (a + b) / 2 can overflow, so we distribute\n return (a / 2) + (b / 2) + ((a % 2 + b % 2) / 2);\n }\n}\n\n/*** @title ERC20 interface */\ncontract ERC20 {\n function totalSupply() public view returns (uint256);\naddress winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n function balanceOf(address _owner) public view returns (uint256);\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function transfer(address _to, uint256 _value) public returns (bool);\naddress winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n 
function transferFrom(address _from, address _to, uint256 _value) public returns (bool);\nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function approve(address _spender, uint256 _value) public returns (bool);\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function allowance(address _owner, address _spender) public view returns (uint256);\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\n/*** @title ERC223 interface */\ncontract ERC223ReceivingContract {\n function tokenFallback(address _from, uint _value, bytes memory _data) public;\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\ncontract ERC223 {\n function balanceOf(address who) public view returns (uint);\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function transfer(address to, uint value) public returns (bool);\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n function transfer(address to, uint value, bytes memory data) public returns (bool);\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n uint256 bugv_tmstmp4 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint value); //ERC 20 style\n //event Transfer(address indexed from, 
address indexed to, uint value, bytes data);\n}\n\n/*** @title ERC223 token */\ncontract ERC223Token is ERC223 {\n using SafeMath for uint;\n\n address winner_tmstmp15;\nfunction play_tmstmp15(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp15 = msg.sender;}}\n mapping(address => uint256) balances;\n\n function transfer(address _to, uint _value) public returns (bool) {\n uint codeLength;\n bytes memory empty;\n\n assembly {\n // Retrieve the size of the code on target address, this needs assembly .\n codeLength := extcodesize(_to)\n }\n\n require(_value > 0);\n require(balances[msg.sender] >= _value);\n require(balances[_to] + _value > 0);\n require(msg.sender != _to);\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n\n if (codeLength > 0) {\n ERC223ReceivingContract receiver = ERC223ReceivingContract(_to);\n receiver.tokenFallback(msg.sender, _value, empty);\n return false;\n }\n\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function transfer(address _to, uint _value, bytes memory _data) public returns (bool) {\n // Standard function transfer similar to ERC20 transfer with no _data .\n // Added due to backwards compatibility reasons .\n uint codeLength;\n assembly {\n // Retrieve the size of the code on target address, this needs assembly .\n codeLength := extcodesize(_to)\n }\n\n require(_value > 0);\n require(balances[msg.sender] >= _value);\n require(balances[_to] + _value > 0);\n require(msg.sender != _to);\n\n balances[msg.sender] = 
balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n\n if (codeLength > 0) {\n ERC223ReceivingContract receiver = ERC223ReceivingContract(_to);\n receiver.tokenFallback(msg.sender, _value, _data);\n return false;\n }\n\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function balanceOf(address _owner) public view returns (uint256) {\n return balances[_owner];\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n}\n\n//////////////////////////////////////////////////////////////////////////\n//////////////////////// [Grand Coin] MAIN ////////////////////////\n//////////////////////////////////////////////////////////////////////////\n/*** @title Owned */\ncontract Owned {\n function bug_tmstmp28 () public payable {\n\tuint pastBlockTime_tmstmp28; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp28); // only 1 transaction per block //bug\n pastBlockTime_tmstmp28 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address public owner;\n\n constructor() internal {\n owner = msg.sender;\n owner = 0x800A4B210B920020bE22668d28afd7ddef5c6243\n;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n 
pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}\n\n/*** @title Grand Token */\ncontract Grand is ERC223Token, Owned {\n address winner_tmstmp34;\nfunction play_tmstmp34(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp34 = msg.sender;}}\n string public constant name = \"Grand Coin\";\n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public constant symbol = \"GRAND\";\n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n uint8 public constant decimals = 18;\n\n uint256 public tokenRemained = 2 * (10 ** 9) * (10 ** uint(decimals)); // 2 billion Grand, decimals set to 18\n uint256 public totalSupply = 2 * (10 ** 9) * (10 ** uint(decimals));\n\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n bool public pause = false;\n\n function bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping(address => bool) lockAddresses;\n\n // constructor\n constructor () public {\n //allocate to ______\n balances[0x96F7F180C6B53e9313Dc26589739FDC8200a699f] = totalSupply;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = 
msg.sender;}}\n\n // change the contract owner\n function changeOwner(address _new) public onlyOwner {\n \trequire(_new != address(0));\n owner = _new;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n // pause all the g on the contract\n function pauseContract() public onlyOwner {\n pause = true;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function resumeContract() public onlyOwner {\n pause = false;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function is_contract_paused() public view returns (bool) {\n return pause;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // lock one's wallet\n function lock(address _addr) public onlyOwner {\n lockAddresses[_addr] = true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function unlock(address _addr) public onlyOwner {\n lockAddresses[_addr] = false;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 
== 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function am_I_locked(address _addr) public view returns (bool) {\n return lockAddresses[_addr];\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n // contract can receive eth\n function() external payable {}\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // extract ether sent to the contract\n function getETH(uint256 _amount) public onlyOwner {\n msg.sender.transfer(_amount);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /////////////////////////////////////////////////////////////////////\n ///////////////// ERC223 Standard functions /////////////////////////\n /////////////////////////////////////////////////////////////////////\n modifier transferable(address _addr) {\n require(!pause);\n require(!lockAddresses[_addr]);\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transfer(address _to, uint _value, bytes memory _data) public transferable(msg.sender) returns (bool) {\n return super.transfer(_to, _value, _data);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function transfer(address _to, uint _value) public transferable(msg.sender) returns (bool) {\n return super.transfer(_to, _value);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = 
block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /////////////////////////////////////////////////////////////////////\n /////////////////// Rescue functions //////////////////////////////\n /////////////////////////////////////////////////////////////////////\n function transferAnyERC20Token(address _tokenAddress, uint256 _value) public onlyOwner returns (bool) {\n return ERC20(_tokenAddress).transfer(owner, _value);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}"
+ },
+ {
+ "contract": "buggy_13.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, April 25, 2019\n (UTC) */\n\npragma solidity ^0.5.8;\n\ninterface tokenRecipient { \n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\ncontract BitCash {\n // Public variables of the token\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n string public name;\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n string public symbol;\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n 
msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public totalSupply;\n\n // This creates an array with all balances\n address winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n mapping (address => uint256) public balanceOf;\n function bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n uint256 bugv_tmstmp4 = block.timestamp;\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = 
block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, 
uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /**\n * Set allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n 
require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_26.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.2;\n\nlibrary SafeMath {\n \n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n return c;\n }\n\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n function div(uint256 a, uint256 
b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address account) external view returns (uint256);\n function transfer(address recipient, uint256 amount) external returns (bool);\n function allowance(address owner, address spender) external view returns (uint256);\n function approve(address spender, uint256 amount) external returns (bool);\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\ncontract UBBCToken is IERC20 {\n using SafeMath for uint256;\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n mapping (address => uint256) private _balances;\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => mapping (address => uint256)) private _allowances;\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != 
pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 private _totalSupply;\n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n string private _name;\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string private _symbol;\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n uint8 private _decimals;\n constructor() public {\n _name = \"UBBC Token\";\n _symbol = \"UBBC\";\n _decimals = 18;\n _totalSupply = 260000000 ether;\n _balances[0x0e475cd2c1f8222868cf85B4f97D7EB70fB3ffD3] = _totalSupply;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n uint256 bugv_tmstmp3 = block.timestamp;\n event Transfer(address sender, address to, uint256 value);\n \n uint256 bugv_tmstmp4 = block.timestamp;\n event Approval(address owner, address spender, uint256 value);\n \n function name() public view returns (string memory) {\n return _name;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n \n function symbol() public view returns (string memory) {\n return _symbol;\n }\naddress winner_tmstmp30;\nfunction 
play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account];\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != 
pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n \n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[sender] = _balances[sender].sub(amount);\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n \n function 
_approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n function () payable external{\n revert();\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "governmental_survey.sol",
+ "label": "time_manipulation",
+ "code": "/*\n * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#governmental\n * @author: -\n * @vulnerable_at_lines: 27\n */\n\n//added pragma version\npragma solidity ^0.4.0;\n\ncontract Governmental {\n address public owner;\n address public lastInvestor;\n uint public jackpot = 1 ether;\n uint public lastInvestmentTimestamp;\n uint public ONE_MINUTE = 1 minutes;\n\n function Governmental() {\n owner = msg.sender;\n if (msg.value<1 ether) throw;\n }\n\n function invest() {\n if (msg.value TIME_MANIPULATION\n lastInvestmentTimestamp = block.timestamp;\n }\n\n function resetInvestment() {\n if (block.timestamp < lastInvestmentTimestamp+ONE_MINUTE)\n throw;\n\n lastInvestor.send(jackpot);\n owner.send(this.balance-1 ether);\n\n lastInvestor = 0;\n jackpot = 1 ether;\n lastInvestmentTimestamp = 0;\n }\n}\n\ncontract Attacker {\n\n function attack(address target, uint count) {\n if (0<=count && count<1023) {\n this.attack.gas(msg.gas-2000)(target, count+1);\n }\n else {\n Governmental(target).resetInvestment();\n }\n }\n}\n"
+ },
+ {
+ "contract": "buggy_39.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-26\n*/\n\npragma solidity ^0.5.10;\n\ncontract TAMCContract {\n address winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n mapping (address 
=> uint256) public balanceOf;\n\n function bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public name = \"TAMC\";\n function bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol = \"TAMC\";\n address winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n uint8 public decimals = 18;\n uint256 public totalSupply = 1000000000 * (uint256(10) ** decimals);\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n constructor() public {\n balanceOf[msg.sender] = totalSupply;\n emit Transfer(address(0), msg.sender, totalSupply);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function transfer(address to, uint256 value) public returns (bool success) {\n require(balanceOf[msg.sender] >= value);\n balanceOf[msg.sender] -= value;\n balanceOf[to] += value;\n emit Transfer(msg.sender, to, value);\n return true;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n mapping(address => mapping(address => uint256)) public allowance;\n\n function approve(address spender, uint256 value)\n public\n returns (bool success)\n {\n 
allowance[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferFrom(address from, address to, uint256 value)\n public\n returns (bool success)\n {\n require(value <= balanceOf[from]);\n require(value <= allowance[from][msg.sender]);\n\n balanceOf[from] -= value;\n balanceOf[to] += value;\n allowance[from][msg.sender] -= value;\n emit Transfer(from, to, value);\n return true;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_49.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-23\n*/\n\npragma solidity ^0.5.11;\n\ncontract TAMC {\n address winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n mapping (address => uint256) public balanceOf;\n\n function bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public name = \"TAMC\";\n function bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol = \"TAMC\";\n address winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n uint8 public decimals = 18;\n uint256 public totalSupply = 1000000000 * (uint256(10) ** decimals);\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n constructor() public {\n balanceOf[msg.sender] = totalSupply;\n 
emit Transfer(address(0), msg.sender, totalSupply);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function transfer(address to, uint256 value) public returns (bool success) {\n require(balanceOf[msg.sender] >= value);\n balanceOf[msg.sender] -= value;\n balanceOf[to] += value;\n emit Transfer(msg.sender, to, value);\n return true;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n mapping(address => mapping(address => uint256)) public allowance;\n\n function approve(address spender, uint256 value)\n public\n returns (bool success)\n {\n allowance[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferFrom(address from, address to, uint256 value)\n public\n returns (bool success)\n {\n require(value <= balanceOf[from]);\n require(value <= allowance[from][msg.sender]);\n\n balanceOf[from] -= value;\n balanceOf[to] += value;\n allowance[from][msg.sender] -= value;\n emit Transfer(from, to, value);\n return true;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_37.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, March 28, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\n// ----------------------------------------------------------------------------\n// 'August Coin' token contract\n//\n// Deployed to : 0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD\n// Symbol : AUC\n// Name : AugustCoin\n// Total supply: 100000000\n// Decimals : 18\n//\n// Enjoy.\n//\n// (c) by Ahiwe Onyebuchi Valentine.\n// 
----------------------------------------------------------------------------\n\n\n// ----------------------------------------------------------------------------\n// Safe maths\n// ----------------------------------------------------------------------------\ncontract SafeMath {\n function safeAdd(uint a, uint b) public pure returns (uint c) {\n c = a + b;\n require(c >= a);\n }\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function safeSub(uint a, uint b) public pure returns (uint c) {\n require(b <= a);\n c = a - b;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n function safeMul(uint a, uint b) public pure returns (uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function safeDiv(uint a, uint b) public pure returns (uint c) {\n require(b > 0);\n c = a / b;\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n// ----------------------------------------------------------------------------\ncontract ERC20Interface {\n function totalSupply() public view returns (uint);\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n function balanceOf(address tokenOwner) public view returns (uint balance);\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n function 
allowance(address tokenOwner, address spender) public view returns (uint remaining);\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transfer(address to, uint tokens) public returns (bool success);\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function approve(address spender, uint tokens) public returns (bool success);\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n function transferFrom(address from, address to, uint tokens) public returns (bool success);\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint tokens);\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n}\n\n\n// ----------------------------------------------------------------------------\n// Contract function to receive 
approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// ----------------------------------------------------------------------------\ncontract ApproveAndCallFallBack {\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n}\n\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\ncontract Owned {\n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n address public newOwner;\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 
days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n}\n\n\n// ----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and assisted\n// token transfers\n// ----------------------------------------------------------------------------\ncontract AugustCoin is ERC20Interface, Owned, SafeMath {\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n string public symbol;\n function bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string public name;\n address winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n uint8 public decimals;\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint public _totalSupply;\n\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n mapping(address => uint) balances;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(address => mapping(address => uint)) allowed;\n\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n constructor() public {\n symbol = \"AUC\";\n name = \"AugustCoin\";\n decimals = 18;\n _totalSupply = 100000000000000000000000000;\n 
balances[0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD] = _totalSupply;\n emit Transfer(address(0), 0xe4948b8A5609c3c39E49eC1e36679a94F72D62bD, _totalSupply);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n function totalSupply() public view returns (uint) {\n return _totalSupply - balances[address(0)];\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Get the token balance for account tokenOwner\n // ------------------------------------------------------------------------\n function balanceOf(address tokenOwner) public view returns (uint balance) {\n return balances[tokenOwner];\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to to account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // 
------------------------------------------------------------------------\n function transfer(address to, uint tokens) public returns (bool success) {\n balances[msg.sender] = safeSub(balances[msg.sender], tokens);\n balances[to] = safeAdd(balances[to], tokens);\n emit Transfer(msg.sender, to, tokens);\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for spender to transferFrom(...) tokens\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces \n // ------------------------------------------------------------------------\n function approve(address spender, uint tokens) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n // ------------------------------------------------------------------------\n // Transfer tokens from the from account to the to account\n // \n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the from account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // 
------------------------------------------------------------------------\n function transferFrom(address from, address to, uint tokens) public returns (bool success) {\n balances[from] = safeSub(balances[from], tokens);\n allowed[from][msg.sender] = safeSub(allowed[from][msg.sender], tokens);\n balances[to] = safeAdd(balances[to], tokens);\n emit Transfer(from, to, tokens);\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n function allowance(address tokenOwner, address spender) public view returns (uint remaining) {\n return allowed[tokenOwner][spender];\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Token owner can approve for spender to transferFrom(...) tokens\n // from the token owner's account. The spender contract function\n // receiveApproval(...) 
is then executed\n // ------------------------------------------------------------------------\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns (bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n function () external payable {\n revert();\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}\n\n\n"
+ },
+ {
+ "contract": "buggy_6.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.8;\n\ncontract Ownable\n{\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n bool private stopped;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address private _owner;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >=
1546300800;\n }\n address private _master;\n\n address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n event Stopped();\n function bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event Started();\n uint256 bugv_tmstmp5 = block.timestamp;\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n uint256 bugv_tmstmp1 = block.timestamp;\n event MasterRoleTransferred(address indexed previousMaster, address indexed newMaster);\n\n constructor () internal\n {\n stopped = false;\n _owner = msg.sender;\n _master = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n emit MasterRoleTransferred(address(0), _master);\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function owner() public view returns (address)\n {\n return _owner;\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function master() public view returns (address)\n {\n return _master;\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n modifier onlyOwner()\n {\n require(isOwner());\n _;\n }\n\n modifier onlyMaster()\n {\n require(isMaster() || isOwner());\n _;\n }\n\n modifier onlyWhenNotStopped()\n {\n require(!isStopped());\n _;\n }\n\n function isOwner() public view returns (bool)\n {\n return msg.sender == _owner;\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function isMaster() public view returns (bool)\n {\n return msg.sender == _master;\n }\nfunction bug_tmstmp20 () public payable {\n\tuint 
pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function transferOwnership(address newOwner) external onlyOwner\n {\n _transferOwnership(newOwner);\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function transferMasterRole(address newMaster) external onlyOwner\n {\n _transferMasterRole(newMaster);\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n function isStopped() public view returns (bool)\n {\n return stopped;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function stop() public onlyOwner\n {\n _stop();\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n function start() public onlyOwner\n {\n _start();\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == 
_vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function _transferOwnership(address newOwner) internal\n {\n require(newOwner != address(0));\n emit OwnershipTransferred(_owner, newOwner);\n _owner = newOwner;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function _transferMasterRole(address newMaster) internal\n {\n require(newMaster != address(0));\n emit MasterRoleTransferred(_master, newMaster);\n _master = newMaster;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function _stop() internal\n {\n emit Stopped();\n stopped = true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function _start() internal\n {\n emit Started();\n stopped = false;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\ncontract ChannelWallet is Ownable\n{\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n mapping(string => address) private addressMap;\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event SetAddress(string channelId, address _address);\n uint256 bugv_tmstmp3 = block.timestamp;\n event UpdateAddress(string from, string to);\n uint256 bugv_tmstmp4 = block.timestamp;\n event DeleteAddress(string account);\n\n 
function version() external pure returns(string memory)\n {\n return '0.0.1';\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function getAddress(string calldata channelId) external view returns (address)\n {\n return addressMap[channelId];\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function setAddress(string calldata channelId, address _address) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(channelId).length > 0);\n\n addressMap[channelId] = _address;\n\n emit SetAddress(channelId, _address);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function updateChannel(string calldata from, string calldata to, address _address) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(from).length > 0);\n require(bytes(to).length > 0);\n require(addressMap[to] == address(0));\n\n addressMap[to] = _address;\n\n addressMap[from] = address(0);\n\n emit UpdateAddress(from, to);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function deleteChannel(string calldata channelId) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(channelId).length > 0);\n\n addressMap[channelId] = 
address(0);\n\n emit DeleteAddress(channelId);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n}"
+ },
+ {
+ "contract": "buggy_25.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\n// \n// * whitebetting.com - the whitest football betting game based on ethereum blockchain\n// on 2019-09-24\n//\n\ncontract WhiteBetting {\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address payable public owner;\n\n // Game information\n struct GameInfo {\n // game start time\n uint256 timestamp;\n // game odds\n uint32 odd_homeTeam;\n uint32 odd_drawTeam; \n uint32 odd_awayTeam;\n uint32 odd_over;\n uint32 odd_under;\n uint32 odd_homeTeamAndDraw;\n uint32 odd_homeAndAwayTeam;\n uint32 odd_awayTeamAndDraw;\n // Checking the game status\n uint8 open_status;\n // Checking whether winning were paid\n bool isDone;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n mapping(uint64 => GameInfo) public gameList;\n\n // Player betting infomation\n struct BetFixture {\n address payable player;\n uint256 stake;\n uint32 odd;\n // betting type\n uint16 selectedTeam;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block
//bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping(uint64 => BetFixture[]) public betList;\n\n // Events that are issued to make statistic recovery easier\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n event Success(uint256 odd);\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event Deposit(address sender, uint256 eth);\nuint256 bugv_tmstmp5 = block.timestamp;\n event Withdraw(address receiver, uint256 eth);\nuint256 bugv_tmstmp1 = block.timestamp;\n event NewStake(address player, uint64 fixtureId, uint16 selectedTeam, uint256 stake, uint256 odd );\nuint256 bugv_tmstmp2 = block.timestamp;\n event SetGame(uint64 _fixtureId, uint256 _timestamp, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw, uint8 _open_status);\nuint256 bugv_tmstmp3 = block.timestamp;\n event ChangeOdd (uint64 _fixtureId, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw);\nuint256 bugv_tmstmp4 = block.timestamp;\n event GivePrizeMoney(uint64 _fixtureId, uint8 _homeDrawAway, uint8 _overUnder);\n \n // Constructor\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n // Change the game status\n function setOpenStatus(uint64 _fixtureId, uint8 _open_status) external onlyOwner {\n gameList[_fixtureId].open_status = _open_status;\n }\naddress 
winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n // Refresh the game odd\n function changeOdd (uint64 _fixtureId, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw ) external onlyOwner {\n gameList[_fixtureId].odd_homeTeam = _odd_homeTeam;\n gameList[_fixtureId].odd_drawTeam = _odd_drawTeam;\n gameList[_fixtureId].odd_awayTeam = _odd_awayTeam;\n gameList[_fixtureId].odd_over = _odd_over;\n gameList[_fixtureId].odd_under = _odd_under;\n gameList[_fixtureId].odd_homeTeamAndDraw = _odd_homeTeamAndDraw;\n gameList[_fixtureId].odd_homeAndAwayTeam = _odd_homeAndAwayTeam;\n gameList[_fixtureId].odd_awayTeamAndDraw = _odd_awayTeamAndDraw;\n emit ChangeOdd (_fixtureId, _odd_homeTeam, _odd_drawTeam, _odd_awayTeam, _odd_over, _odd_under, _odd_homeTeamAndDraw, _odd_homeAndAwayTeam , _odd_awayTeamAndDraw);\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n // Save the game information\n function setGameInfo (uint64 _fixtureId, uint256 _timestamp, uint32 _odd_homeTeam, uint32 _odd_drawTeam, uint32 _odd_awayTeam, uint32 _odd_over, uint32 _odd_under, uint32 _odd_homeTeamAndDraw, uint32 _odd_homeAndAwayTeam , uint32 _odd_awayTeamAndDraw, uint8 _open_status ) external onlyOwner {\n gameList[_fixtureId].timestamp = _timestamp;\n gameList[_fixtureId].odd_homeTeam = _odd_homeTeam;\n gameList[_fixtureId].odd_drawTeam = _odd_drawTeam;\n gameList[_fixtureId].odd_awayTeam = _odd_awayTeam;\n gameList[_fixtureId].odd_over = _odd_over;\n gameList[_fixtureId].odd_under = _odd_under;\n gameList[_fixtureId].odd_homeTeamAndDraw = _odd_homeTeamAndDraw;\n gameList[_fixtureId].odd_homeAndAwayTeam = 
_odd_homeAndAwayTeam;\n gameList[_fixtureId].odd_awayTeamAndDraw = _odd_awayTeamAndDraw;\n gameList[_fixtureId].open_status = _open_status;\n gameList[_fixtureId].isDone = false;\n emit SetGame(_fixtureId, _timestamp, _odd_homeTeam, _odd_drawTeam, _odd_awayTeam, _odd_over, _odd_under, _odd_homeTeamAndDraw, _odd_homeAndAwayTeam , _odd_awayTeamAndDraw, _open_status);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n // Player make a bet\n function placeBet(uint64 _fixtureId, uint16 _selectedTeam, uint32 _odd) external payable {\n uint stake = msg.value;\n // Minium amount to bet is 0.001 ether\n require(stake >= .001 ether);\n // Check whether odds is valid\n require(_odd != 0 );\n\n // Compare to match mainnet odds with was submitted odds by betting type\n if (_selectedTeam == 1 ) {\n require(gameList[_fixtureId].odd_homeTeam == _odd);\n } else if ( _selectedTeam == 2) {\n require(gameList[_fixtureId].odd_drawTeam == _odd);\n } else if ( _selectedTeam == 3) {\n require(gameList[_fixtureId].odd_awayTeam == _odd);\n } else if ( _selectedTeam == 4) {\n require(gameList[_fixtureId].odd_over == _odd);\n } else if ( _selectedTeam == 5) {\n require(gameList[_fixtureId].odd_under == _odd);\n } else if ( _selectedTeam == 6) {\n require(gameList[_fixtureId].odd_homeTeamAndDraw == _odd);\n } else if ( _selectedTeam == 7) {\n require(gameList[_fixtureId].odd_homeAndAwayTeam == _odd);\n } else if ( _selectedTeam == 8) {\n require(gameList[_fixtureId].odd_awayTeamAndDraw == _odd);\n } else {\n revert();\n }\n\n // Betting is possible when the game was opening\n require(gameList[_fixtureId].open_status == 3);\n // Betting is possible only 10 min. 
ago\n require( now < ( gameList[_fixtureId].timestamp - 10 minutes ) );\n\n // Save the betting information\n betList[_fixtureId].push(BetFixture( msg.sender, stake, _odd, _selectedTeam));\n emit NewStake(msg.sender, _fixtureId, _selectedTeam, stake, _odd );\n\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // Give prize money by the game result\n function givePrizeMoney(uint64 _fixtureId, uint8 _homeDrawAway, uint8 _overUnder) external onlyOwner payable {\n // Check the game status whether is opening\n require(gameList[_fixtureId].open_status == 3);\n // Check if it has ever compensated\n require(gameList[_fixtureId].isDone == false);\n // Check if it has any player who betted\n require(betList[_fixtureId][0].player != address(0) );\n\n // Give the prize money!\n for (uint i= 0 ; i < betList[_fixtureId].length; i++){\n uint16 selectedTeam = betList[_fixtureId][i].selectedTeam;\n uint256 returnEth = (betList[_fixtureId][i].stake * betList[_fixtureId][i].odd) / 1000 ;\n if ( (selectedTeam == 1 && _homeDrawAway == 1) \n || (selectedTeam == 2 && _homeDrawAway == 2) \n || (selectedTeam == 3 && _homeDrawAway == 3) \n || (selectedTeam == 4 && _overUnder == 1) \n || (selectedTeam == 5 && _overUnder == 2) \n || (selectedTeam == 6 && ( _homeDrawAway == 1 || _homeDrawAway == 2) )\n || (selectedTeam == 7 && ( _homeDrawAway == 1 || _homeDrawAway == 3) )\n || (selectedTeam == 8 && ( _homeDrawAway == 3 || _homeDrawAway == 2) ) \n ){ \n betList[_fixtureId][i].player.transfer(returnEth);\n }\n }\n\n // Change the game status.\n gameList[_fixtureId].open_status = 5;\n // It was paid.\n gameList[_fixtureId].isDone = true; // \ubcf4\uc0c1\uc744 
\ub9c8\ucce4\uc73c\ubbc0\ub85c true\ub85c \ubcc0\uacbd.\n\n emit GivePrizeMoney( _fixtureId, _homeDrawAway, _overUnder);\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n // Standard modifier on methods invokable only by contract owner.\n modifier onlyOwner {\n require (msg.sender == owner, \"OnlyOwner methods called by non-owner.\");\n _;\n }\n\n // Get this balance of CA\n function getBalance() external view returns(uint){\n return address(this).balance;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // Deposit from owner to CA\n function deposit(uint256 _eth) external payable{\n emit Deposit(msg.sender, _eth);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n // Change Owner\n function changeOwner(address payable _newOwner ) external onlyOwner {\n owner = _newOwner;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // Fallback function\n function () external payable{\n owner.transfer(msg.value); \n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n // 
Withdraw from CA to owner\n function withdraw(uint256 _amount) external payable onlyOwner {\n require(_amount > 0 && _amount <= address(this).balance );\n owner.transfer(_amount);\n emit Withdraw(owner, _amount);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n}\n"
+ },
+ {
+ "contract": "buggy_10.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\ncontract DocumentSigner {\n function bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(bytes32=>string) public docs;\n address winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n mapping(bytes32=>address[]) public signers;\n \n modifier validDoc(bytes32 _docHash) {\n require(bytes(docs[_docHash]).length != 0, \"Document is not submitted\");\n _;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event Sign(bytes32 indexed _doc, address indexed _signer);\n uint256 bugv_tmstmp4 = block.timestamp;\n event NewDocument(bytes32 _docHash);\n\n function submitDocument(string memory _doc) public {\n bytes32 _docHash = getHash(_doc);\n if(bytes(docs[_docHash]).length == 0) {\n docs[_docHash] = _doc;\n emit NewDocument(_docHash);\n }\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function signDocument(bytes32 _docHash) public validDoc(_docHash){\n address[] storage _signers = signers[_docHash];\n for(uint i = 0; i < _signers.length; i++) {\n if(_signers[i] == msg.sender) return;\n }\n
_signers.push(msg.sender);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function getDetail(bytes32 _docHash) public validDoc(_docHash) view returns(string memory _doc, address[] memory _signers) {\n _doc = docs[_docHash];\n _signers = signers[_docHash];\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n \n function getHash(string memory _doc) public pure returns(bytes32) {\n return keccak256(abi.encodePacked(_doc));\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_43.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.11;\n\n\ncontract EventMetadata {\n\n uint256 bugv_tmstmp1 = block.timestamp;\n event MetadataSet(bytes metadata);\n\n // state functions\n\n function _setMetadata(bytes memory metadata) internal {\n emit MetadataSet(metadata);\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\n\n\ncontract Operated {\n\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n address private _operator;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bool private _status;\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event OperatorUpdated(address operator, bool status);\n\n // state functions\n\n function _setOperator(address operator) internal {\n require(_operator != operator, \"cannot set same operator\");\n _operator = operator;\n emit OperatorUpdated(operator, hasActiveOperator());\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function _transferOperator(address operator) internal {\n // transferring operator-ship implies there was an operator set before this\n require(_operator != address(0), \"operator not set\");\n 
_setOperator(operator);\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n function _renounceOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _operator = address(0);\n _status = false;\n emit OperatorUpdated(address(0), false);\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function _activateOperator() internal {\n require(!hasActiveOperator(), \"only when operator not active\");\n _status = true;\n emit OperatorUpdated(_operator, true);\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function _deactivateOperator() internal {\n require(hasActiveOperator(), \"only when operator active\");\n _status = false;\n emit OperatorUpdated(_operator, false);\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // view functions\n\n function getOperator() public view returns (address operator) {\n operator = _operator;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n function 
isOperator(address caller) public view returns (bool ok) {\n return (caller == getOperator());\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function hasActiveOperator() public view returns (bool ok) {\n return _status;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n function isActiveOperator(address caller) public view returns (bool ok) {\n return (isOperator(caller) && hasActiveOperator());\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n}\n\n\n\n/**\n * @title MultiHashWrapper\n * @dev Contract that handles multi hash data structures and encoding/decoding\n * Learn more here: https://github.com/multiformats/multihash\n */\ncontract MultiHashWrapper {\n\n // bytes32 hash first to fill the first storage slot\n struct MultiHash {\n bytes32 hash;\n uint8 hashFunction;\n uint8 digestSize;\n }\n\n /**\n * @dev Given a multihash struct, returns the full base58-encoded hash\n * @param multihash MultiHash struct that has the hashFunction, digestSize and the hash\n * @return the base58-encoded full hash\n */\n function _combineMultiHash(MultiHash memory multihash) internal pure returns (bytes memory) {\n bytes memory out = new bytes(34);\n\n out[0] = byte(multihash.hashFunction);\n out[1] = byte(multihash.digestSize);\n\n uint8 i;\n for (i = 0; i < 32; i++) {\n out[i+2] = multihash.hash[i];\n }\n\n return out;\n }\naddress winner_tmstmp14;\nfunction 
play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n /**\n * @dev Given a base58-encoded hash, divides into its individual parts and returns a struct\n * @param source base58-encoded hash\n * @return MultiHash that has the hashFunction, digestSize and the hash\n */\n function _splitMultiHash(bytes memory source) internal pure returns (MultiHash memory) {\n require(source.length == 34, \"length of source must be 34\");\n\n uint8 hashFunction = uint8(source[0]);\n uint8 digestSize = uint8(source[1]);\n bytes32 hash;\n\n assembly {\n hash := mload(add(source, 34))\n }\n\n return (MultiHash({\n hashFunction: hashFunction,\n digestSize: digestSize,\n hash: hash\n }));\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n}\n\n\n/* TODO: Update eip165 interface\n * bytes4(keccak256('create(bytes)')) == 0xcf5ba53f\n * bytes4(keccak256('getInstanceType()')) == 0x18c2f4cf\n * bytes4(keccak256('getInstanceRegistry()')) == 0xa5e13904\n * bytes4(keccak256('getImplementation()')) == 0xaaf10f42\n *\n * => 0xcf5ba53f ^ 0x18c2f4cf ^ 0xa5e13904 ^ 0xaaf10f42 == 0xd88967b6\n */\n interface iFactory {\n\n event InstanceCreated(address indexed instance, address indexed creator, string initABI, bytes initData);\n\n function create(bytes calldata initData) external returns (address instance);\n function createSalty(bytes calldata initData, bytes32 salt) external returns (address instance);\n function getInitSelector() external view returns (bytes4 initSelector);\n function getInstanceRegistry() external view returns (address instanceRegistry);\n function getTemplate() external view returns (address template);\n function getSaltyInstance(bytes calldata, bytes32 salt) external view returns (address instance);\n function getNextInstance(bytes calldata) external view returns (address instance);\n\n 
function getInstanceCreator(address instance) external view returns (address creator);\n function getInstanceType() external view returns (bytes4 instanceType);\n function getInstanceCount() external view returns (uint256 count);\n function getInstance(uint256 index) external view returns (address instance);\n function getInstances() external view returns (address[] memory instances);\n function getPaginatedInstances(uint256 startIndex, uint256 endIndex) external view returns (address[] memory instances);\n }\n\n\n\ncontract ProofHash is MultiHashWrapper {\n\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n MultiHash private _proofHash;\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event ProofHashSet(address caller, bytes proofHash);\n\n // state functions\n\n function _setProofHash(bytes memory proofHash) internal {\n _proofHash = MultiHashWrapper._splitMultiHash(proofHash);\n emit ProofHashSet(msg.sender, proofHash);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // view functions\n\n function getProofHash() public view returns (bytes memory proofHash) {\n proofHash = MultiHashWrapper._combineMultiHash(_proofHash);\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n}\n\n\n\ncontract Template {\n\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n address private _factory;\n\n // modifiers\n\n modifier 
initializeTemplate() {\n // set factory\n _factory = msg.sender;\n\n // only allow function to be delegatecalled from within a constructor.\n uint32 codeSize;\n assembly { codeSize := extcodesize(address) }\n require(codeSize == 0, \"must be called within contract constructor\");\n _;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n // view functions\n\n function getCreator() public view returns (address creator) {\n // iFactory(...) would revert if _factory address is not actually a factory contract\n creator = iFactory(_factory).getInstanceCreator(address(this));\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function isCreator(address caller) public view returns (bool ok) {\n ok = (caller == getCreator());\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function getFactory() public view returns (address factory) {\n factory = _factory;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n}\n\n\n\n\n\n\ncontract Post is ProofHash, Operated, EventMetadata, Template {\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event Initialized(address operator, bytes multihash, bytes metadata);\n\n function initialize(\n address operator,\n bytes memory multihash,\n bytes 
memory metadata\n ) public initializeTemplate() {\n\n // set storage variables\n if (multihash.length != 0) {\n ProofHash._setProofHash(multihash);\n }\n\n // set operator\n if (operator != address(0)) {\n Operated._setOperator(operator);\n Operated._activateOperator();\n }\n\n // set metadata\n if (metadata.length != 0) {\n EventMetadata._setMetadata(metadata);\n }\n\n // log initialization params\n emit Initialized(operator, multihash, metadata);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n // state functions\n\n function setMetadata(bytes memory metadata) public {\n // only active operator or creator\n require(Template.isCreator(msg.sender) || Operated.isActiveOperator(msg.sender), \"only active operator or creator\");\n\n // set metadata\n EventMetadata._setMetadata(metadata);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function transferOperator(address operator) public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._transferOperator(operator);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function renounceOperator() public {\n // restrict access\n require(Operated.isActiveOperator(msg.sender), \"only active operator\");\n\n // transfer operator\n Operated._renounceOperator();\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n}\n"
+ },
+ {
+ "contract": "buggy_3.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\ncontract CareerOnToken {\n 
uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed a_owner, address indexed _spender, uint256 _value);\n uint256 bugv_tmstmp4 = block.timestamp;\n event OwnerChang(address indexed _old,address indexed _new,uint256 _coin_change);\n \n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public totalSupply; \n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n string public name; //\u540d\u79f0\uff0c\u4f8b\u5982\"My test token\"\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint8 public decimals; //\u8fd4\u56detoken\u4f7f\u7528\u7684\u5c0f\u6570\u70b9\u540e\u51e0\u4f4d\u3002\u6bd4\u5982\u5982\u679c\u8bbe\u7f6e\u4e3a3\uff0c\u5c31\u662f\u652f\u63010.001\u8868\u793a.\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n string public symbol; //token\u7b80\u79f0,like MTT\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == 
_vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n address public owner;\n \n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n mapping (address => uint256) internal balances;\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n mapping (address => mapping (address => uint256)) internal allowed;\n \n\t//\u5982\u679c\u901a\u8fc7\u51fd\u6570setPauseStatus\u8bbe\u7f6e\u8fd9\u4e2a\u53d8\u91cf\u4e3aTRUE\uff0c\u5219\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\u90fd\u4f1a\u5931\u8d25\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n bool isTransPaused=false;\n \n constructor(\n uint256 _initialAmount,\n uint8 _decimalUnits) public \n {\n owner=msg.sender;//\u8bb0\u5f55\u5408\u7ea6\u7684owner\n\t\tif(_initialAmount<=0){\n\t\t totalSupply = 100000000000000000; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=totalSupply;\n\t\t}else{\n\t\t totalSupply = _initialAmount; // \u8bbe\u7f6e\u521d\u59cb\u603b\u91cf\n\t\t balances[owner]=_initialAmount;\n\t\t}\n\t\tif(_decimalUnits<=0){\n\t\t decimals=2;\n\t\t}else{\n\t\t decimals = _decimalUnits;\n\t\t}\n name = \"CareerOn Chain Token\"; \n symbol = \"COT\";\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n \n \n function transfer(\n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n 
!isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to]\n );\n \n balances[msg.sender] -= _value;//\u4ece\u6d88\u606f\u53d1\u9001\u8005\u8d26\u6237\u4e2d\u51cf\u53bbtoken\u6570\u91cf_value\n balances[_to] += _value;//\u5f80\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n\t\tif(msg.sender==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(msg.sender, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n function transferFrom(\n address _from, \n address _to, \n uint256 _value) public returns (bool success) \n {\n assert(_to!=address(this) && \n !isTransPaused &&\n balances[msg.sender] >= _value &&\n balances[_to] + _value > balances[_to] &&\n allowed[_from][msg.sender] >= _value\n );\n \n balances[_to] += _value;//\u63a5\u6536\u8d26\u6237\u589e\u52a0token\u6570\u91cf_value\n balances[_from] -= _value; //\u652f\u51fa\u8d26\u6237_from\u51cf\u53bbtoken\u6570\u91cf_value\n allowed[_from][msg.sender] -= _value;//\u6d88\u606f\u53d1\u9001\u8005\u53ef\u4ee5\u4ece\u8d26\u6237_from\u4e2d\u8f6c\u51fa\u7684\u6570\u91cf\u51cf\u5c11_value\n if(_from==owner){\n\t\t\temit Transfer(address(this), _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}else{\n\t\t\temit Transfer(_from, _to, _value);//\u89e6\u53d1\u8f6c\u5e01\u4ea4\u6613\u4e8b\u4ef6\n\t\t}\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == 
_vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function approve(address _spender, uint256 _value) public returns (bool success) \n { \n assert(msg.sender!=_spender && _value>0);\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function allowance(\n address _owner, \n address _spender) public view returns (uint256 remaining) \n {\n return allowed[_owner][_spender];//\u5141\u8bb8_spender\u4ece_owner\u4e2d\u8f6c\u51fa\u7684token\u6570\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function balanceOf(address accountAddr) public view returns (uint256) {\n return balances[accountAddr];\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\t\n\t//\u4ee5\u4e0b\u4e3a\u672c\u4ee3\u5e01\u534f\u8bae\u7684\u7279\u6b8a\u903b\u8f91\n\t//\u8f6c\u79fb\u534f\u8bae\u6240\u6709\u6743\u5e76\u5c06\u9644\u5e26\u7684\u4ee3\u5e01\u4e00\u5e76\u8f6c\u79fb\u8fc7\u53bb\n\tfunction changeOwner(address newOwner) public{\n assert(msg.sender==owner && msg.sender!=newOwner);\n balances[newOwner]=balances[owner];\n balances[owner]=0;\n owner=newOwner;\n emit OwnerChang(msg.sender,newOwner,balances[owner]);//\u89e6\u53d1\u5408\u7ea6\u6240\u6709\u6743\u7684\u8f6c\u79fb\u4e8b\u4ef6\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = 
msg.sender;}}\n \n\t//isPaused\u4e3atrue\u5219\u6682\u505c\u6240\u6709\u8f6c\u8d26\u4ea4\u6613\n function setPauseStatus(bool isPaused)public{\n assert(msg.sender==owner);\n isTransPaused=isPaused;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n\t//\u4fee\u6539\u5408\u7ea6\u540d\u5b57\n function changeContractName(string memory _newName,string memory _newSymbol) public {\n assert(msg.sender==owner);\n name=_newName;\n symbol=_newSymbol;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n \n \n function () external payable {\n revert();\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_9.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.9;\n\n/**\n * @title SafeMath\n * Math operations with safety checks that throw on error\n */\nlibrary SafeMath {\n\n /**\n * Multiplies two numbers, throws on overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256 c) {\n if (a == 0) {\n return 0;\n }\n c = a * b;\n assert(c / a == b);\n return c;\n }\n\n /**\n * Integer division of two numbers, truncating the quotient.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // assert(b > 0); // Solidity automatically throws when dividing by 0\n // uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n return a / b;\n }\n\n /**\n * Subtracts two numbers, throws on overflow (i.e. 
if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n /**\n * Adds two numbers, throws on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256 c) {\n c = a + b;\n assert(c >= a);\n return c;\n }\n}\n\n\ncontract Ownable {\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}\n\ncontract TokenERC20 is Ownable {\n using SafeMath for uint256;\n\n // Public variables of the token\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public name;\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n string public symbol;\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n uint8 public decimals;\n\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 private _totalSupply;\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 
10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public cap;\n\n // This creates an array with all balances\n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n mapping (address => uint256) private _balances;\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed owner, address indexed spender, uint256 value);\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp4 = block.timestamp;\n event Mint(address indexed to, uint256 amount);\n\n /**\n * @dev Fix for the ERC20 short address attack.\n */\n modifier onlyPayloadSize(uint size) {\n require(msg.data.length >= size + 4);\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 _cap,\n uint256 _initialSupply,\n string memory _name,\n string memory _symbol,\n uint8 _decimals\n ) 
public {\n require(_cap >= _initialSupply);\n\n cap = _cap;\n name = _name; // Set the cap of total supply\n symbol = _symbol; // Set the symbol for display purposes\n decimals = _decimals; // Set the decimals\n\n _totalSupply = _initialSupply; // Update total supply with the decimal amount\n _balances[owner] = _totalSupply; // Give the creator all initial tokens\n emit Transfer(address(0), owner, _totalSupply);\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n /**\n * Total number of tokens in existence.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n /**\n * Gets the balance of the specified address.\n * @param _owner The address to query the balance of.\n * @return A uint256 representing the amount owned by the passed address.\n */\n function balanceOf(address _owner) public view returns (uint256) {\n return _balances[_owner];\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n /**\n * Function to check the amount of tokens that an owner allowed to a spender.\n * @param _owner address The address which owns the funds.\n * @param _spender address The address which will spend the funds.\n * @return A uint256 specifying the amount of tokens still available for the spender.\n */\n function allowance(address _owner, address _spender) public view returns (uint256) {\n return _allowed[_owner][_spender];\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != 
pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Transfer token to a specified address.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transfer(address _to, uint256 _value) onlyPayloadSize(2 * 32) public returns (bool) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n /**\n * Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.\n * Beware that changing an allowance with this method brings the risk that someone may use both the old\n * and the new allowance by unfortunate transaction ordering. One possible solution to mitigate this\n * race condition is to first reduce the spender's allowance to 0 and set the desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n * @param _spender The address which will spend the funds.\n * @param _value The amount of tokens to be spent.\n */\n function approve(address _spender, uint256 _value) public returns (bool) {\n _approve(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Transfer tokens from one address to another.\n * Note that while this function emits an Approval event, this is not required as per the specification,\n * and other compliant 
implementations may not emit the event.\n * @param _from address The address which you want to send tokens from\n * @param _to address The address which you want to transfer to\n * @param _value uint256 the amount of tokens to be transferred\n */\n function transferFrom(address _from, address _to, uint256 _value) onlyPayloadSize(3 * 32) public returns (bool) {\n _transfer(_from, _to, _value);\n _approve(_from, msg.sender, _allowed[_from][msg.sender].sub(_value));\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /**\n * Transfer token for a specified addresses.\n * @param _from The address to transfer from.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function _transfer(address _from, address _to, uint256 _value) internal {\n require(_to != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[_from] = _balances[_from].sub(_value);\n _balances[_to] = _balances[_to].add(_value);\n emit Transfer(_from, _to, _value);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Approve an address to spend another addresses' tokens.\n * @param _owner The address that owns the tokens.\n * @param _spender The address that will spend the tokens.\n * @param _value The number of tokens that can be spent.\n */\n function _approve(address _owner, address _spender, uint256 _value) internal {\n require(_owner != address(0), \"ERC20: approve from the zero address\");\n require(_spender != address(0), \"ERC20: approve to the 
zero address\");\n\n _allowed[_owner][_spender] = _value;\n emit Approval(_owner, _spender, _value);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * Function to mint tokens\n * @param _to The address that will receive the minted tokens.\n * @param _amount The amount of tokens to mint.\n * @return A boolean that indicates if the operation was successful.\n */\n function mint(address _to, uint256 _amount) onlyOwner public returns (bool) {\n require(_totalSupply.add(_amount) <= cap);\n\n _totalSupply = _totalSupply.add(_amount);\n _balances[_to] = _balances[_to].add(_amount);\n emit Mint(_to, _amount);\n emit Transfer(address(0), _to, _amount);\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /**\n * Transfer token to servral addresses.\n * @param _tos The addresses to transfer to.\n * @param _values The amounts to be transferred.\n */\n function transferBatch(address[] memory _tos, uint256[] memory _values) public returns (bool) {\n require(_tos.length == _values.length);\n\n for (uint256 i = 0; i < _tos.length; i++) {\n transfer(_tos[i], _values[i]);\n }\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n}\n\n/******************************************/\n/* XLToken TOKEN STARTS HERE */\n/******************************************/\n\ncontract XLToken is TokenERC20 {\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor() TokenERC20(18*10**16, 12*10**16, \"XL Token\", \"XL\", 8) public {}\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}" + }, + { + "contract": "buggy_27.sol", + "label": 
"time_manipulation", + "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.3;\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n function balanceOf(address who) external view returns (uint256);\n function allowance(address owner, address spender) external view returns (uint256);\n function transfer(address to, uint256 value) external returns (bool);\n function approve(address spender, uint256 value) external returns (bool);\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Ownable {\n address public owner;\n uint256 bugv_tmstmp5 = block.timestamp;\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n \n \n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n \n\n function transferOwnership(address newOwner) public 
onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n \n}\n\ncontract ERC20Detailed is IERC20 {\n\n string private _name;\naddress winner_tmstmp18;\nfunction play_tmstmp18(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp18 = msg.sender;}}\n string private _symbol;\nfunction bug_tmstmp29() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint8 private _decimals;\n\n constructor(string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\naddress winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n\n function name() public view returns(string memory) {\n return _name;\n }\nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function symbol() public view returns(string memory) {\n return _symbol;\n }\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function decimals() public view returns(uint8) {\n return _decimals;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n}\n\ncontract DanPanCoin is ERC20Detailed , Ownable{\n\n using SafeMath for uint256;\naddress winner_tmstmp6;\nfunction play_tmstmp6(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp6 = msg.sender;}}\n mapping (address => uint256) private _balances;\nfunction bug_tmstmp16 () public payable {\n\tuint pastBlockTime_tmstmp16; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n 
require(now != pastBlockTime_tmstmp16); // only 1 transaction per block //bug\n pastBlockTime_tmstmp16 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\nfunction bug_tmstmp24 () public payable {\n\tuint pastBlockTime_tmstmp24; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp24); // only 1 transaction per block //bug\n pastBlockTime_tmstmp24 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string constant tokenName = \"Dan Pan Coin\";\nfunction bug_tmstmp5() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string constant tokenSymbol = \"DPC\";\naddress winner_tmstmp15;\nfunction play_tmstmp15(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp15 = msg.sender;}}\n uint8 constant tokenDecimals = 2;\nfunction bug_tmstmp28 () public payable {\n\tuint pastBlockTime_tmstmp28; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp28); // only 1 transaction per block //bug\n pastBlockTime_tmstmp28 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 _totalSupply = 10000000000;\naddress winner_tmstmp34;\nfunction play_tmstmp34(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp34 = msg.sender;}}\n uint256 public basePercent = 100;\nfunction bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public dpPercent = 5;\naddress winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n address public 
DanPanAddress = msg.sender;\nuint256 bugv_tmstmp1 = block.timestamp;\n event DanPanPercentChanged(uint256 previousDanPanPercent, uint256 newDanPanPercent);\nuint256 bugv_tmstmp2 = block.timestamp;\n event DanPanAddressChanged(address indexed previousDanPan, address indexed newDanPan);\nuint256 bugv_tmstmp3 = block.timestamp;\n event WhitelistFrom(address _addr, bool _whitelisted);\nuint256 bugv_tmstmp4 = block.timestamp;\n event WhitelistTo(address _addr, bool _whitelisted);\n \n // fee whitelist\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n mapping(address => bool) public whitelistFrom;\n function bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping(address => bool) public whitelistTo;\n\n constructor() public ERC20Detailed(tokenName, tokenSymbol, tokenDecimals) {\n _mint(msg.sender, _totalSupply);\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\naddress winner_tmstmp26;\nfunction 
play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function findOnePercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function findDPPercent(uint256 value) public view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 DPPercent = roundValue.mul(basePercent).div(10000).mul(dpPercent);\n return DPPercent;\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function transfer(address to, uint256 value) public returns (bool) {\n require(value <= _balances[msg.sender]);\n require(to != address(0));\n \n // If transfer amount is zero\n // emit event and stop execution\n if (value == 0) {\n emit Transfer(msg.sender, to, 0);\n return true;\n }\n\n \n \n // Calculate receiver balance\n // initial receive is full value\n uint256 tokensToTransfer = value;\n uint256 tokensToBurn = 0;\n uint256 tokensToDanPan = 0;\n \n \n // Change sender balance\n _balances[msg.sender] = _balances[msg.sender].sub(value);\n\n // If the transaction is not whitelisted\n // calculate fees\n if (!_isWhitelisted(msg.sender, to)) {\n \n tokensToBurn = 
findOnePercent(value);\n tokensToDanPan = findDPPercent(value);\n\n // Subtract fees from receiver amount\n tokensToTransfer = value.sub(tokensToBurn).sub(tokensToDanPan);\n\n // Burn tokens\n _totalSupply = _totalSupply.sub(tokensToBurn);\n emit Transfer(msg.sender, address(0), tokensToBurn);\n \n \n // Transfer balance to DanPan\n _balances[DanPanAddress] = _balances[DanPanAddress].add(tokensToDanPan);\n emit Transfer(msg.sender, DanPanAddress, tokensToDanPan);\n\n }\n\n // Sanity checks\n // no tokens where created\n assert(tokensToBurn.add(tokensToTransfer).add(tokensToDanPan) == value);\n\n // Add tokens to receiver\n _balances[to] = _balances[to].add(tokensToTransfer);\n emit Transfer(msg.sender, to, tokensToTransfer);\n \n \n \n return true;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function approve(address spender, uint256 value) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = value;\n emit Approval(msg.sender, spender, value);\n return true;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n require(value 
<= _balances[from]);\n require(value <= _allowed[from][msg.sender]);\n require(to != address(0));\n \n // If transfer amount is zero\n // emit event and stop execution\n if (value == 0) {\n emit Transfer(from, to, 0);\n return true;\n }\n\n // Calculate receiver balance\n // initial receive is full value\n uint256 tokensToTransfer = value;\n uint256 tokensToBurn = 0;\n uint256 tokensToDanPan = 0;\n \n // Change sender balance\n _balances[from] = _balances[from].sub(value);\n\n // If the transaction is not whitelisted\n // calculate fees\n if (!_isWhitelisted(from, to)) {\n \n tokensToBurn = findOnePercent(value);\n tokensToDanPan = findDPPercent(value);\n\n // Subtract fees from receiver amount\n tokensToTransfer = value.sub(tokensToBurn).sub(tokensToDanPan);\n\n // Burn tokens\n _totalSupply = _totalSupply.sub(tokensToBurn);\n emit Transfer(from, address(0), tokensToBurn);\n \n \n // Transfer balance to DanPan\n _balances[DanPanAddress] = _balances[DanPanAddress].add(tokensToDanPan);\n emit Transfer(from, DanPanAddress, tokensToDanPan);\n\n }\n\n // Sanity checks\n // no tokens where created\n assert(tokensToBurn.add(tokensToTransfer).add(tokensToDanPan) == value);\n\n // Add tokens to receiver\n _balances[to] = _balances[to].add(tokensToTransfer);\n\t_allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value);\n emit Transfer(from, to, tokensToTransfer);\n \n \n \n return true;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].add(addedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 
1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n require(spender != address(0));\n _allowed[msg.sender][spender] = (_allowed[msg.sender][spender].sub(subtractedValue));\n emit Approval(msg.sender, spender, _allowed[msg.sender][spender]);\n return true;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function _mint(address account, uint256 amount) internal {\n require(amount != 0);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function burn(uint256 amount) external {\n _burn(msg.sender, amount);\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function _burn(address account, uint256 amount) internal {\n require(amount != 0);\n require(amount <= _balances[account]);\n _totalSupply = _totalSupply.sub(amount);\n _balances[account] = _balances[account].sub(amount);\n emit Transfer(account, address(0), amount);\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n 
msg.sender.transfer(address(this).balance);\n }\n }\n\n function burnFrom(address account, uint256 amount) external {\n require(amount <= _allowed[account][msg.sender]);\n _allowed[account][msg.sender] = _allowed[account][msg.sender].sub(amount);\n _burn(account, amount);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function NewDanPanAddress(address newDanPanaddress) external onlyOwner {\n require(newDanPanaddress != address(0));\n emit DanPanAddressChanged(DanPanAddress, newDanPanaddress);\n DanPanAddress = newDanPanaddress;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function NewDanPanPercent(uint256 newDanPanpercent) external onlyOwner {\n emit DanPanPercentChanged(dpPercent, newDanPanpercent);\n dpPercent = newDanPanpercent;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function _isWhitelisted(address _from, address _to) internal view returns (bool) {\n \n return whitelistFrom[_from]||whitelistTo[_to];\n}\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n \n function setWhitelistedTo(address _addr, bool _whitelisted) external onlyOwner {\n emit WhitelistTo(_addr, _whitelisted);\n whitelistTo[_addr] = _whitelisted;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == 
_vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function setWhitelistedFrom(address _addr, bool _whitelisted) external onlyOwner {\n emit WhitelistFrom(_addr, _whitelisted);\n whitelistFrom[_addr] = _whitelisted;\n}\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n" + }, + { + "contract": "DocumentSigner.sol", + "label": "time_manipulation", + "code": "/*\n * @source: https://github.com/DependableSystemsLab/SolidiFI-benchmark/blob/master/buggy_contracts/Timestamp-Dependency/buggy_10.sol\n * @author: -\n * @vulnerable_at_lines: 18,20\n */\n\npragma solidity ^0.5.0;\n\ncontract DocumentSigner {\n function bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(bytes32=>string) public docs;\n address winner_tmstmp27;\n function play_tmstmp27(uint startTime) public {\n uint _vtime = block.timestamp;\n // TIME_MANIPULATION\n if (startTime + (5 * 1 days) == _vtime){\n winner_tmstmp27 = msg.sender;}}\n mapping(bytes32=>address[]) public signers;\n\n modifier validDoc(bytes32 _docHash) {\n require(bytes(docs[_docHash]).length != 0, \"Document is not submitted\");\n _;\n }\n uint256 bugv_tmstmp2 = block.timestamp;\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event Sign(bytes32 indexed _doc, address indexed _signer);\n uint256 bugv_tmstmp4 = block.timestamp;\n event NewDocument(bytes32 _docHash);\n\n function submitDocument(string memory _doc) public {\n bytes32 _docHash = getHash(_doc);\n if(bytes(docs[_docHash]).length == 0) {\n docs[_docHash] = _doc;\n emit NewDocument(_docHash);\n }\n }\n address winner_tmstmp31;\n function play_tmstmp31(uint startTime) public {\n uint _vtime = block.timestamp;\n // TIME_MANIPULATION\n if (startTime + (5 * 1 days) == _vtime){\n winner_tmstmp31 = msg.sender;}}\n\n function signDocument(bytes32 _docHash) public validDoc(_docHash){\n address[] storage _signers = signers[_docHash];\n for(uint i = 0; i < _signers.length; i++) {\n if(_signers[i] 
== msg.sender) return;\n }\n _signers.push(msg.sender);\n }\n function bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function getDetail(bytes32 _docHash) public validDoc(_docHash) view returns(string memory _doc, address[] memory _signers) {\n _doc = docs[_docHash];\n _signers = signers[_docHash];\n }\n uint256 bugv_tmstmp5 = block.timestamp;\n\n function getHash(string memory _doc) public pure returns(bytes32) {\n return keccak256(abi.encodePacked(_doc));\n }\n uint256 bugv_tmstmp1 = block.timestamp;\n}" + }, + { + "contract": "buggy_32.sol", + "label": "time_manipulation", + "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, May 9, 2019\n (UTC) */\n\npragma solidity ^0.5.7;\n/**\n * \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557\n * \u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2551\n * \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2551 \u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2588\u2588\u2554\u2588\u2588\u2551\n * \u2588\u2588\u2554\u2550\u2550\u255d \u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2554\u255d\u2588\u2588\u2551\n * \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u255a\u2550\u255d \u2588\u2588\u2551\n * 
\u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d \n */\n\n/**\n * @title SafeMath\n * @dev Unsigned math operations with safety checks that revert on error.\n */\nlibrary SafeMath {\n\n /**\n * @dev Subtracts two unsigned integers, reverts on overflow (i.e. if subtrahend is greater than minuend).\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Adds two unsigned integers, reverts on overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n}\n\n/**\n * Token contract interface for external use\n */\ncontract ERC20TokenInterface {\n\n function balanceOf(address _owner) public view returns (uint256 value);\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transfer(address _to, uint256 _value) public returns (bool success);\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 
transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function approve(address _spender, uint256 _value) public returns (bool success);\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n function allowance(address _owner, address _spender) public view returns (uint256 remaining);\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n }\n\n/**\n* @title Token definition\n* @dev Define token paramters including ERC20 ones\n*/\ncontract ERC20Token is ERC20TokenInterface {\n using SafeMath for uint256;\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public totalSupply;\n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n mapping (address => uint256) balances; //A mapping of all balances per address\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n 
pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => mapping (address => uint256)) allowed; //A mapping of all allowances\n\n /**\n * @dev Get the balance of an specified address.\n * @param _owner The address to be query.\n */\n function balanceOf(address _owner) public view returns (uint256 value) {\n return balances[_owner];\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * @dev transfer token to a specified address\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n balances[msg.sender] = balances[msg.sender].sub(_value);\n balances[_to] = balances[_to].add(_value);\n emit Transfer(msg.sender, _to, _value);\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /**\n * @dev transfer token from an address to another specified address using allowance\n * @param _from The address where token comes.\n * @param _to The address to transfer to.\n * @param _value The amount to be transferred.\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n allowed[_from][msg.sender] = allowed[_from][msg.sender].sub(_value);\n balances[_from] = balances[_from].sub(_value);\n balances[_to] = balances[_to].add(_value);\n emit Transfer(_from, _to, _value);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /**\n * @dev Assign allowance to an specified address to use the owner balance\n * @param _spender The address to be allowed to 
spend.\n * @param _value The amount to be allowed.\n */\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowed[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * @dev Get the allowance of an specified address to use another address balance.\n * @param _owner The address of the owner of the tokens.\n * @param _spender The address of the allowed spender.\n */\n function allowance(address _owner, address _spender) public view returns (uint256 remaining) {\n return allowed[_owner][_spender];\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n /**\n * @dev Log Events\n */\n uint256 bugv_tmstmp3 = block.timestamp;\n event Transfer(address indexed _from, address indexed _to, uint256 _value);\n uint256 bugv_tmstmp4 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n}\n\n/**\n* @title Asset\n* @dev Initial supply creation\n*/\ncontract AsseteGram is ERC20Token {\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n string public name = 'Electronic Gram';\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n uint8 public decimals = 3;\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n string public symbol = 'eGram';\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n string public version = '2';\n\n constructor() public {\n address 
initialOwner = 0xac775cD446889ac167da466692449ece5439fc12;\n totalSupply = 180000000 * (10**uint256(decimals)); //initial token creation\n balances[initialOwner] = totalSupply;\n emit Transfer(address(0), initialOwner, balances[initialOwner]);\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n /**\n *@dev Function to handle callback calls\n */\n function() external {\n revert();\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n}\n"
+ },
+ {
+ "contract": "buggy_40.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\npragma solidity ^0.5.8;\n\n/**\n * @dev Wrappers over Solidity's arithmetic operations with added overflow\n * checks.\n *\n * Arithmetic operations in Solidity wrap on overflow. This can easily result\n * in bugs, because programmers usually assume that an overflow raises an\n * error, which is the standard behavior in high level programming languages.\n * `SafeMath` restores this intuition by reverting the transaction when an\n * operation overflows.\n *\n * Using this library instead of the unchecked operations eliminates an entire\n * class of bugs, so it's recommended to use it always.\n */\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the
multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\n\n/**\n * @dev Interface of the ERC20 standard as defined in the EIP. 
Does not include\n * the optional functions; to access them see `ERC20Detailed`.\n */\ninterface IERC20 {\n /**\n * @dev Returns the amount of tokens in existence.\n */\n function totalSupply() external view returns (uint256);\n\n /**\n * @dev Returns the amount of tokens owned by `account`.\n */\n function balanceOf(address account) external view returns (uint256);\n\n /**\n * @dev Moves `amount` tokens from the caller's account to `recipient`.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a `Transfer` event.\n */\n function transfer(address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Returns the remaining number of tokens that `spender` will be\n * allowed to spend on behalf of `owner` through `transferFrom`. This is\n * zero by default.\n *\n * This value changes when `approve` or `transferFrom` are called.\n */\n function allowance(address owner, address spender) external view returns (uint256);\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the caller's tokens.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * > Beware that changing an allowance with this method brings the risk\n * that someone may use both the old and the new allowance by unfortunate\n * transaction ordering. One possible solution to mitigate this race\n * condition is to first reduce the spender's allowance to 0 and set the\n * desired value afterwards:\n * https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729\n *\n * Emits an `Approval` event.\n */\n function approve(address spender, uint256 amount) external returns (bool);\n\n /**\n * @dev Moves `amount` tokens from `sender` to `recipient` using the\n * allowance mechanism. 
`amount` is then deducted from the caller's\n * allowance.\n *\n * Returns a boolean value indicating whether the operation succeeded.\n *\n * Emits a `Transfer` event.\n */\n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to `approve`. `value` is the new allowance.\n */\n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\n\n/**\n * @dev Implementation of the `IERC20` interface.\n *\n * This implementation is agnostic to the way tokens are created. This means\n * that a supply mechanism has to be added in a derived contract using `_mint`.\n * For a generic mechanism see `ERC20Mintable`.\n *\n * *For a detailed writeup see our guide [How to implement supply\n * mechanisms](https://forum.zeppelin.solutions/t/how-to-implement-erc20-supply-mechanisms/226).*\n *\n * We have followed general OpenZeppelin guidelines: functions revert instead\n * of returning `false` on failure. This behavior is nonetheless conventional\n * and does not conflict with the expectations of ERC20 applications.\n *\n * Additionally, an `Approval` event is emitted on calls to `transferFrom`.\n * This allows applications to reconstruct the allowance for all accounts just\n * by listening to said events. Other implementations of the EIP may not emit\n * these events, as it isn't required by the specification.\n *\n * Finally, the non-standard `decreaseAllowance` and `increaseAllowance`\n * functions have been added to mitigate the well-known issues around setting\n * allowances. 
See `IERC20.approve`.\n */\ncontract ERC20 is IERC20 {\n using SafeMath for uint256;\n\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n mapping (address => uint256) private _balances;\n\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n mapping (address => mapping (address => uint256)) private _allowances;\n\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 private _totalSupply;\n\n /**\n * @dev See `IERC20.totalSupply`.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n /**\n * @dev See `IERC20.balanceOf`.\n */\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account];\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n /**\n * @dev See `IERC20.transfer`.\n *\n * Requirements:\n *\n * - `recipient` cannot be the zero address.\n * - the caller must have a balance of at least `amount`.\n */\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\naddress winner_tmstmp14;\nfunction 
play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n /**\n * @dev See `IERC20.allowance`.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n /**\n * @dev See `IERC20.approve`.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev See `IERC20.transferFrom`.\n *\n * Emits an `Approval` event indicating the updated allowance. This is not\n * required by the EIP. 
See the note at the beginning of `ERC20`;\n *\n * Requirements:\n * - `sender` and `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `value`.\n * - the caller must have allowance for `sender`'s tokens of at least\n * `amount`.\n */\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n /**\n * @dev Atomically increases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Atomically decreases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `spender` must have 
allowance for the caller of at least\n * `subtractedValue`.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /**\n * @dev Moves tokens `amount` from `sender` to `recipient`.\n *\n * This is internal function is equivalent to `transfer`, and can be used to\n * e.g. implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a `Transfer` event.\n *\n * Requirements:\n *\n * - `sender` cannot be the zero address.\n * - `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `amount`.\n */\n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n\n _balances[sender] = _balances[sender].sub(amount);\n _balances[recipient] = _balances[recipient].add(amount);\n emit Transfer(sender, recipient, amount);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /** @dev Creates `amount` tokens and assigns them to `account`, increasing\n * the total supply.\n *\n * Emits a `Transfer` event with `from` set to the zero address.\n *\n * Requirements\n *\n * - `to` cannot be the zero address.\n */\n function _mint(address account, uint256 amount) internal {\n require(account != address(0), 
\"ERC20: mint to the zero address\");\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n emit Transfer(address(0), account, amount);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * @dev Destoys `amount` tokens from `account`, reducing the\n * total supply.\n *\n * Emits a `Transfer` event with `to` set to the zero address.\n *\n * Requirements\n *\n * - `account` cannot be the zero address.\n * - `account` must have at least `amount` tokens.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0), \"ERC20: burn from the zero address\");\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.\n *\n * This is internal function is equivalent to `approve`, and can be used to\n * e.g. 
set automatic allowances for certain subsystems, etc.\n *\n * Emits an `Approval` event.\n *\n * Requirements:\n *\n * - `owner` cannot be the zero address.\n * - `spender` cannot be the zero address.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /**\n * @dev Destoys `amount` tokens from `account`.`amount` is then deducted\n * from the caller's allowance.\n *\n * See `_burn` and `_approve`.\n */\n function _burnFrom(address account, uint256 amount) internal {\n _burn(account, amount);\n _approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\n/**\n * @dev Optional functions from the ERC20 standard.\n */\ncontract ERC20Detailed is IERC20 {\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string private _name;\n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n string private _symbol;\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to 
play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint8 private _decimals;\n\n /**\n * @dev Sets the values for `name`, `symbol`, and `decimals`. All three of\n * these values are immutable: they can only be set once during\n * construction.\n */\n constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n /**\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n /**\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n /**\n * @dev Returns the number of decimals used to get its user representation.\n * For example, if `decimals` equals `2`, a balance of `505` tokens should\n * be displayed to a user as `5,05` (`505 / 10 ** 2`).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * > Note that this information is only used for _display_ purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * `IERC20.balanceOf` and `IERC20.transfer`.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n}\n\ncontract SimpleSwapCoin is ERC20, ERC20Detailed {\n constructor() ERC20Detailed(\"SimpleSwap Coin\", \"SWAP\", 8) public {\n _mint(msg.sender, 100000000 * (10 ** 8));\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_15.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday,
April 30, 2019\n (UTC) */\n\npragma solidity ^0.5.7;\n\ninterface tokenRecipient { \n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\ncontract MD{\n // Public variables of the token\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n string public name;\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n string public symbol;\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public totalSupply;\n\n // This creates an array with all balances\n address winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n mapping (address => uint256) public balanceOf;\n function bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping 
(address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n uint256 bugv_tmstmp4 = block.timestamp;\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. 
Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public 
{\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /**\n * Set allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n /**\n * 
Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_33.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11;\n\ncontract Owned {\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public newOwner;\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner || msg.sender == address(this));\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n}\n\nlibrary SafeMath {\n function mul(uint256 a,
uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n function ceil(uint256 a, uint256 m) internal pure returns (uint256) {\n uint256 c = add(a,m);\n uint256 d = sub(c,1);\n return mul(div(d,m),m);\n }\n}\n\ncontract Token{\n function balanceOf(address who) external view returns (uint256);\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n function transferFrom(address from, address to, uint256 value) external returns (bool);\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function transfer(address to, uint256 value) external returns (bool);\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\ncontract Staking is Owned{\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n Token public token;\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == 
block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n bool lock;\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public minstakeTokens;\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 private basePercent = 200;\n using SafeMath for uint256;\n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n uint256 public stakeTime = 1814400; // 3 weeks = 3*7*24*60*60 OR 1 week = 604800 secs, 3 weeks = 3*604800 = 1,814,400\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint public stakePercentage = 30;\n uint256 bugv_tmstmp3 = block.timestamp;\n event stakingstarted(address staker, uint256 tokens, uint256 time);\n uint256 bugv_tmstmp4 = block.timestamp;\n event tokensRedeemed(address staker, uint256 stakedTokens, uint256 reward);\n \n struct stake{\n uint256 time;\n bool redeem;\n uint256 tokens;\n }\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public 
{\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n mapping(address => stake) staker;\n \n \n constructor(address tokenContractAddress) public{\n token = Token(tokenContractAddress);\n owner = msg.sender;\n minstakeTokens = 500 * 10 ** uint(10);\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function startStaking(uint256 stakeTokens) public{\n require(stakeTokens >= minstakeTokens);\n require(token.balanceOf(msg.sender) >= stakeTokens + findOnePercent(stakeTokens));\n require(token.transferFrom(msg.sender, address(this), stakeTokens + findOnePercent(stakeTokens)));\n staker[msg.sender].time = now;\n staker[msg.sender].tokens = staker[msg.sender].tokens + stakeTokens;\n emit stakingstarted(msg.sender, staker[msg.sender].tokens, staker[msg.sender].time);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function redeem() public{\n require(!lock);\n require(!staker[msg.sender].redeem);\n require(staker[msg.sender].time + stakeTime <= now);\n require(token.transfer(msg.sender,staker[msg.sender].tokens));\n require(token.transferFrom(owner, msg.sender ,staker[msg.sender].tokens * stakePercentage * 100 / 10000));\n emit tokensRedeemed(msg.sender, staker[msg.sender].tokens, staker[msg.sender].tokens * stakePercentage * 100 / 10000);\n staker[msg.sender].redeem = true;\n staker[msg.sender].tokens = 0;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value 
== 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function changeStakeTokens(uint256 _NewTokensThreshold) public onlyOwner{\n minstakeTokens = _NewTokensThreshold * 10 ** uint(10);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function changeStakeTime(uint256 _newStakeTime) public onlyOwner{\n stakeTime = _newStakeTime;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n \n function changeStakingPercentage(uint _newStakePercentage) public onlyOwner{\n stakePercentage = _newStakePercentage;\n \n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n function lockWithdrawals() public onlyOwner{\n lock = true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function findOnePercent(uint256 value) private view returns (uint256) {\n uint256 roundValue = value.ceil(basePercent);\n uint256 onePercent = roundValue.mul(basePercent).div(10000);\n return onePercent;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}\n" + }, + { + "contract": "ether_lotto.sol", + "label": "time_manipulation", + "code": "/*\n * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620\n * @source: https://etherscan.io/address/0xa11e4ed59dc94e69612f3111942626ed513cb172#code\n * @vulnerable_at_lines: 43\n * @author: -\n */\n\n pragma solidity ^0.4.15;\n\n/// @title Ethereum Lottery Game.\n\ncontract EtherLotto {\n\n // Amount of ether needed for 
participating in the lottery.\n uint constant TICKET_AMOUNT = 10;\n\n // Fixed amount fee for each lottery game.\n uint constant FEE_AMOUNT = 1;\n\n // Address where fee is sent.\n address public bank;\n\n // Public jackpot that each participant can win (minus fee).\n uint public pot;\n\n // Lottery constructor sets bank account from the smart-contract owner.\n function EtherLotto() {\n bank = msg.sender;\n }\n\n // Public function for playing lottery. Each time this function\n // is invoked, the sender has an oportunity for winning pot.\n function play() payable {\n\n // Participants must spend some fixed ether before playing lottery.\n assert(msg.value == TICKET_AMOUNT);\n\n // Increase pot for each participant.\n pot += msg.value;\n\n // Compute some *almost random* value for selecting winner from current transaction.\n // TIME_MANIPULATION\n var random = uint(sha3(block.timestamp)) % 2;\n\n // Distribution: 50% of participants will be winners.\n if (random == 0) {\n\n // Send fee to bank account.\n bank.transfer(FEE_AMOUNT);\n\n // Send jackpot to winner.\n msg.sender.transfer(pot - FEE_AMOUNT);\n\n // Restart jackpot.\n pot = 0;\n }\n }\n\n}\n" + }, + { + "contract": "buggy_21.sol", + "label": "time_manipulation", + "code": "pragma solidity ^0.5.11;\n\ncontract Token {\n function transfer(address to, uint256 value) public returns (bool success);\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n function transferFrom(address from, address to, uint256 value) public returns (bool success);\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n function balanceOf(address account) external view returns(uint256);\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif 
(startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n function allowance(address _owner, address _spender)external view returns(uint256);\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n}\n\nlibrary SafeMath{\n function mul(uint256 a, uint256 b) internal pure returns (uint256) \n {\n if (a == 0) {\n return 0;}\n uint256 c = a * b;\n assert(c / a == b);\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) \n {\n uint256 c = a / b;\n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) \n {\n assert(b <= a);\n return a - b;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) \n {\n uint256 c = a + b;\n assert(c >= a);\n return c;\n }\n\n}\n\ncontract StableDEX {\n using SafeMath for uint256;\n \n uint256 bugv_tmstmp4 = block.timestamp;\n event DepositandWithdraw(address from,address tokenAddress,uint256 amount,uint256 type_); //Type = 0-deposit 1- withdraw , Token address = address(0) - eth , address - token address;\n \n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address payable admin;\n \n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n address public feeAddress;\n \n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bool private dexStatus; \n \n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public tokenId=0;\n \n struct orders{\n address userAddress;\n address tokenAddress;\n uint256 type_;\n uint256 price;\n uint256 total;\n uint256 _decimal;\n uint256 tradeTotal;\n uint256 amount;\n uint256 tradeAmount;\n uint256 pairOrderID;\n 
uint256 status; \n }\n \n struct tokens{\n address tokenAddress;\n string tokenSymbol;\n uint256 decimals;\n bool status;\n }\n \n \n constructor(address payable _admin,address feeAddress_) public{\n admin = _admin;\n feeAddress = feeAddress_;\n dexStatus = true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n \n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n mapping(uint256=>orders) public Order; //place order by passing userID and orderID as argument;\n \n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n mapping(address=>mapping(address=>uint256))public userDetails; // trader token balance;\n \n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping(address=>mapping(address=>uint256))public feeAmount;\n \n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n 
msg.sender.transfer(address(this).balance);\n }\n }\n mapping(address=>uint256) public withdrawfee;\n \n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n mapping(uint256=>mapping(uint256=>bool)) public orderPairStatus;\n \n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping(address=>tokens) public tokendetails;\n \n modifier dexstatuscheck(){\n require(dexStatus==true);\n _;\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n \n function setDexStatus(bool status_) public returns(bool){\n require(msg.sender == admin);\n dexStatus = status_;\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}} \n \n function addToken(address tokenAddress,string memory tokenSymbol,uint256 decimal_) public returns(bool){\n require(msg.sender == feeAddress && tokendetails[tokenAddress].status==false);\n tokendetails[tokenAddress].tokenSymbol=tokenSymbol;\n tokendetails[tokenAddress].decimals=decimal_;\n tokendetails[tokenAddress].status=true;\n return true;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function deposit() dexstatuscheck public payable returns(bool) 
{\n require(msg.value > 0);\n userDetails[msg.sender][address(0)]=userDetails[msg.sender][address(0)].add(msg.value);\n emit DepositandWithdraw( msg.sender, address(0),msg.value,0);\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function tokenDeposit(address tokenaddr,uint256 tokenAmount) dexstatuscheck public returns(bool)\n {\n require(tokenAmount > 0 && tokendetails[tokenaddr].status==true);\n require(tokenallowance(tokenaddr,msg.sender) > 0);\n userDetails[msg.sender][tokenaddr] = userDetails[msg.sender][tokenaddr].add(tokenAmount);\n Token(tokenaddr).transferFrom(msg.sender,address(this), tokenAmount);\n emit DepositandWithdraw( msg.sender,tokenaddr,tokenAmount,0);\n return true;\n \n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function withdraw(uint8 type_,address tokenaddr,uint256 amount) dexstatuscheck public returns(bool) {\n require(type_ ==0 || type_ == 1);\n if(type_==0){ // withdraw ether\n require(tokenaddr == address(0));\n require(amount>0 && amount <= userDetails[msg.sender][address(0)] && withdrawfee[address(0)]0 && amount <= userDetails[msg.sender][tokenaddr] && withdrawfee[tokenaddr]= 1546300800;\n }\n\n function adminProfitWithdraw(uint8 type_,address tokenAddr)public returns(bool){ // tokenAddr = type 0 - address(0), type 1 - token address;\n require(msg.sender == admin);\n require(type_ ==0 || type_ == 1);\n if(type_==0){ // withdraw ether\n admin.transfer(feeAmount[admin][address(0)]);\n feeAmount[admin][address(0)]=0;\n \n }\n else{ 
//withdraw token\n require(tokenAddr != address(0)) ;\n Token(tokenAddr).transfer(admin, feeAmount[admin][tokenAddr]);\n feeAmount[admin][tokenAddr]=0;\n }\n \n \n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n \n \n function setwithdrawfee(address[] memory addr,uint256[] memory feeamount)public returns(bool)\n {\n require(msg.sender==admin);\n //array length should be within 10.\n require(addr.length <10 && feeamount.length < 10 && addr.length==feeamount.length);\n for(uint8 i=0;i 0 && amount__ <= userDetails[traderAddresses[1]][traderAddresses[0]]);\n // stores placed order details\n Order[orderiD].userAddress = traderAddresses[1];\n Order[orderiD].type_ = tradeDetails[6];\n Order[orderiD].price = tradeDetails[2];\n Order[orderiD].amount = tradeDetails[1];\n Order[orderiD].total = tradeDetails[3];\n Order[orderiD].tradeTotal = tradeDetails[3];\n Order[orderiD]._decimal = tradeDetails[7];\n Order[orderiD].tokenAddress = traderAddresses[0]; \n // freeze trade amount;\n userDetails[traderAddresses[1]][traderAddresses[0]]=userDetails[traderAddresses[1]][traderAddresses[0]].sub(amount__);\n // store total trade count\n Order[orderiD].tradeAmount=tradeDetails[1];\n Order[orderiD].status=1;\n \n }\n else if(Order[orderiD].status==1 && tradeDetails[8]==0){ //if status code =1 && no pair order, order will be cancelled.\n cancelOrder(orderiD);\n }\n if(Order[orderiD].status==1 && tradeDetails[1] > 0 && tradeDetails[8]>0 && Order[tradeDetails[8]].status==1 && tradeDetails[3]>0){ //order mapping\n \n Order[orderiD].tradeAmount =Order[orderiD].tradeAmount.sub(tradeDetails[1]);\n Order[tradeDetails[8]].tradeAmount =Order[tradeDetails[8]].tradeAmount.sub(tradeDetails[1]);\n if(tradeDetails[2]>0){\n 
userDetails[Order[orderiD].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[2]);\n }\n Order[orderiD].tradeTotal =Order[orderiD].tradeTotal.sub(((tradeDetails[1].mul(Order[orderiD].price)).div(Order[orderiD]._decimal)));\n Order[tradeDetails[8]].tradeTotal =Order[tradeDetails[8]].tradeTotal.sub(((tradeDetails[1].mul(Order[tradeDetails[8]].price)).div(Order[tradeDetails[8]]._decimal)));\n \n \n if(tradeDetails[6] == 1 || tradeDetails[6]==3)\n {\n userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[1]);\n userDetails[Order[orderiD].userAddress][traderAddresses[0]]= userDetails[Order[orderiD].userAddress][traderAddresses[0]].sub(tradeDetails[4]); \n feeAmount[admin][traderAddresses[0]]= feeAmount[admin][traderAddresses[0]].add(tradeDetails[4]);\n }\n else\n {\n userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress]=userDetails[Order[orderiD].userAddress][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[1].sub(tradeDetails[4]));\n feeAmount[admin][Order[tradeDetails[8]].tokenAddress]= feeAmount[admin][Order[tradeDetails[8]].tokenAddress].add(tradeDetails[4]);\n }\n if(tradeDetails[6] == 2 || tradeDetails[6]==3)\n {\n userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[3]);\n userDetails[Order[tradeDetails[8]].userAddress][traderAddresses[0]]= userDetails[Order[tradeDetails[8]].userAddress][traderAddresses[0]].sub(tradeDetails[5]);\n feeAmount[admin][traderAddresses[0]]= feeAmount[admin][traderAddresses[0]].add(tradeDetails[5]);\n }\n else\n {\n 
userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress]=userDetails[Order[tradeDetails[8]].userAddress][Order[orderiD].tokenAddress].add(tradeDetails[3].sub(tradeDetails[5]));\n feeAmount[admin][Order[orderiD].tokenAddress]= feeAmount[admin][Order[orderiD].tokenAddress].add(tradeDetails[5]);\n }\n \n \n if(Order[tradeDetails[8]].tradeAmount==0){\n Order[tradeDetails[8]].status=2; \n }\n if(Order[orderiD].tradeAmount==0){\n Order[orderiD].status=2; \n }\n orderPairStatus[orderiD][tradeDetails[8]] = true;\n }\n\n return true; \n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function cancelOrder(uint256 orderid)internal returns(bool){\n if(Order[orderid].status==1){\n if(Order[orderid].type_ == 0){\n userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress]=userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress].add(Order[orderid].tradeTotal); \n }\n else{\n userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress]=userDetails[ Order[orderid].userAddress][Order[orderid].tokenAddress].add(Order[orderid].tradeAmount);\n }\n Order[orderid].status=3; // cancelled\n }\n return true;\n}\nuint256 bugv_tmstmp5 = block.timestamp;\n \n \n function viewTokenBalance(address tokenAddr,address baladdr)public view returns(uint256){\n return Token(tokenAddr).balanceOf(baladdr);\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n \n function tokenallowance(address tokenAddr,address owner) public view returns(uint256){\n return Token(tokenAddr).allowance(owner,address(this));\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n \n}\n" + }, + { + "contract": "AZT.sol", + "label": "time_manipulation", + "code": "/*\n * @source: https://github.com/DependableSystemsLab/SolidiFI-benchmark/blob/master/buggy_contracts/Timestamp-Dependency/buggy_17.sol\n * @author: -\n * @vulnerable_at_lines: 60, 76\n */\n\npragma solidity ^0.5.0;\n\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 
b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n require(c / a == b);\n return c;\n }\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b > 0);\n uint256 c = a / b;\n return c;\n }\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n return c;\n }\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a && c >= b);\n return c;\n }\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n function max256(uint256 a, uint256 b) internal pure returns (uint256) {\n return a >= b ? a : b;\n }\n function min256(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? a : b;\n }\n\n}\n\ncontract owned {\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\n address winner_tmstmp7;\n function play_tmstmp7(uint startTime) public {\n uint _vtime = block.timestamp;\n // TIME_MANIPULATION\n if (startTime + (5 * 1 days) == _vtime){\n winner_tmstmp7 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\n uint256 bugv_tmstmp1 = block.timestamp;\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\n address winner_tmstmp23;\n function play_tmstmp23(uint startTime) public {\n uint _vtime = block.timestamp;\n // TIME_MANIPULATION\n if (startTime + (5 * 1 days) == _vtime){\n winner_tmstmp23 = msg.sender;}}\n}\n\ninterface tokenRecipient {\n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\n\ncontract TokenERC20 {\n using SafeMath for uint256;\n address winner_tmstmp2;\n function play_tmstmp2(uint startTime) public {\n if (startTime + (5 * 1 days) == block.timestamp){\n winner_tmstmp2 
= msg.sender;}}\n string public name;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint8 public decimals;\n address winner_tmstmp3;\n function play_tmstmp3(uint startTime) public {\n uint _vtime = block.timestamp;\n if (startTime + (5 * 1 days) == _vtime){\n winner_tmstmp3 = msg.sender;}}\n uint256 public totalSupply;\n\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => uint256) public balanceOf;\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event Burn(address indexed from, uint256 value);\n\n\n constructor(string memory tokenName, string memory tokenSymbol, uint8 dec) public {\n decimals = dec;\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; \n }\n address winner_tmstmp14;\n function play_tmstmp14(uint startTime) public {\n if (startTime + (5 * 1 days) == block.timestamp){\n winner_tmstmp14 = msg.sender;}}\n\n function _transfer(address _from, address _to, uint _value) internal {\n require(_to != address(0x0));\n balanceOf[_from] = balanceOf[_from].sub(_value);\n balanceOf[_to] = balanceOf[_to].add(_value);\n emit Transfer(_from, _to, _value);\n }\n address winner_tmstmp30;\n function play_tmstmp30(uint startTime) public {\n if (startTime + (5 * 1 days) == block.timestamp){\n winner_tmstmp30 = msg.sender;}}\n\n function transfer(address _to, uint256 _value) public returns (bool 
success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\n function bug_tmstmp8 () public payable {\n uint pastBlockTime_tmstmp8; // Forces one bet per block\n require(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n allowance[_from][msg.sender] = allowance[_from][msg.sender].sub(_value);\n _transfer(_from, _to, _value);\n return true;\n }\n address winner_tmstmp39;\n function play_tmstmp39(uint startTime) public {\n uint _vtime = block.timestamp;\n if (startTime + (5 * 1 days) == _vtime){\n winner_tmstmp39 = msg.sender;}}\n\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\n function bug_tmstmp36 () public payable {\n uint pastBlockTime_tmstmp36; // Forces one bet per block\n require(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData) public returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\n address winner_tmstmp35;\n function play_tmstmp35(uint startTime) public {\n uint _vtime = block.timestamp;\n if (startTime + (5 * 1 days) == _vtime){\n winner_tmstmp35 = msg.sender;}}\n\n}\n\n\n/******************************************/\n/* ADVANCED 
TOKEN STARTS HERE */\n/******************************************/\n\ncontract AZT is owned, TokenERC20 {\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n\tstring _tokenName = \"AZ FundChain\"; address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n\tstring _tokenSymbol = \"AZT\";\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint8 _decimals = 18;\n\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address[] public frozenAddresses;\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n bool public tokenFrozen;\n\n struct frozenWallet {\n bool isFrozen; //true or false\n uint256 rewardedAmount; //amount\n uint256 frozenAmount; //amount\n uint256 frozenTime; // in days\n }\n\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n 
if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => frozenWallet) public frozenWallets;\n\n\n\n constructor() TokenERC20(_tokenName, _tokenSymbol, _decimals) public {\n\n /*Wallet A */\n frozenAddresses.push(address(0x9fd50776F133751E8Ae6abE1Be124638Bb917E05));\n frozenWallets[frozenAddresses[0]] = frozenWallet({\n isFrozen: true,\n rewardedAmount: 30000000 * 10 ** uint256(decimals),\n frozenAmount: 0 * 10 ** uint256(decimals),\n frozenTime: now + 1 * 1 hours //seconds, minutes, hours, days\n });\n\n for (uint256 i = 0; i < frozenAddresses.length; i++) {\n balanceOf[frozenAddresses[i]] = frozenWallets[frozenAddresses[i]].rewardedAmount;\n totalSupply = totalSupply.add(frozenWallets[frozenAddresses[i]].rewardedAmount);\n }\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function _transfer(address _from, address _to, uint _value) internal {\n require(_to != address(0x0));\n require(checkFrozenWallet(_from, _value));\n balanceOf[_from] = balanceOf[_from].sub(_value); \n balanceOf[_to] = balanceOf[_to].add(_value); \n emit Transfer(_from, _to, _value);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function checkFrozenWallet(address _from, uint _value) public view returns (bool) {\n return(\n _from==owner || \n (!tokenFrozen && \n (!frozenWallets[_from].isFrozen || \n now>=frozenWallets[_from].frozenTime || \n balanceOf[_from].sub(_value)>=frozenWallets[_from].frozenAmount))\n );\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 
days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n\n function burn(uint256 _value) onlyOwner public returns (bool success) {\n balanceOf[msg.sender] = balanceOf[msg.sender].sub(_value); // Subtract from the sender\n totalSupply = totalSupply.sub(_value); // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n balanceOf[_from] = balanceOf[_from].sub(_value); // Subtract from the targeted balance\n allowance[_from][msg.sender] = allowance[_from][msg.sender].sub(_value); // Subtract from the sender's allowance\n totalSupply = totalSupply.sub(_value); // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function freezeToken(bool freeze) onlyOwner public {\n tokenFrozen = freeze;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}"
+ },
+ {
+ "contract": "buggy_46.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-24\n*/\n\npragma solidity ^0.5.8;\n\ncontract ProofOfExistence {\n\nenum BlockchainIdentification {Ixxo,Ethereum,Gochain}\n\nstruct FileExistenceStruct {\nuint256 date;\naddress filesender;\nstring fileHash;\nstring filePathHash;\naddress contractAddress;\nbytes32 QRCodeHash;\nBlockchainIdentification identifier;\n}address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n\nmapping(address => FileExistenceStruct[]) fileExistenceProofs;\n\n\n/**\n *@dev function to set the Proof of existence for a file \n */\n function SetFileExistenceProof(address 
dappBoxOrigin, string memory _fileHash, string memory _filePathHash, address _contractAddress ,BlockchainIdentification _identifier) public returns (bytes32)\n {\n FileExistenceStruct memory newInfo;\n uint256 _date = now;\n bytes32 QRCodeHash = generateQRCodeForFile(dappBoxOrigin,_fileHash,_filePathHash,_contractAddress ,_identifier);\n newInfo.date = _date;\n newInfo.filesender = dappBoxOrigin;\n newInfo.fileHash = _fileHash;\n newInfo.filePathHash = _filePathHash;\n newInfo.contractAddress = _contractAddress;\n newInfo.identifier = _identifier;\n newInfo.QRCodeHash = QRCodeHash;\n\n fileExistenceProofs[dappBoxOrigin].push(newInfo);\n return QRCodeHash;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n\n/**\n *@dev function to get the Proof of existence for a file \n */\n function GetFileExistenceProof(address dappBoxOrigin,string memory fileHash, string memory filePathHash) public view returns(uint256,address,address,BlockchainIdentification,bytes32) {\n \n for(uint i = 0 ; i < fileExistenceProofs[dappBoxOrigin].length ; i++)\n {\n \n bool res = compareStrings(fileHash,fileExistenceProofs[dappBoxOrigin][i].fileHash) &&\n compareStrings(filePathHash,fileExistenceProofs[dappBoxOrigin][i].filePathHash);\n if(res == true )\n {\n return( fileExistenceProofs[dappBoxOrigin][i].date,\n fileExistenceProofs[dappBoxOrigin][i].filesender,\n fileExistenceProofs[dappBoxOrigin][i].contractAddress,\n fileExistenceProofs[dappBoxOrigin][i].identifier,\n fileExistenceProofs[dappBoxOrigin][i].QRCodeHash);\n }\n }\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n\n/**\n *@dev function to compare strings \n */\n function compareStrings(string memory a, string memory b) internal pure returns (bool)\n {\n if(bytes(a).length != bytes(b).length) {\n return false;\n } else {\n return keccak256(abi.encode(a)) == keccak256(abi.encode(b));\n }\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n/**\n *@dev function to generate QR code string 
\n */\n function generateQRCodeForFile(address dappBoxOrigin, string memory _fileHash, string memory filePath, address _contractAddress ,BlockchainIdentification _identifier ) internal pure returns (bytes32)\n {\n bytes32 QRCodeHash;\n QRCodeHash = keccak256(abi.encodePacked(dappBoxOrigin, _fileHash,filePath,_contractAddress,_identifier)); \n return QRCodeHash;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n\n/**\n *@dev function to retreive QR code in string format \n */\n\n function getQRCode(address dappBoxOrigin, string memory fileHash, string memory filePathHash ) public view returns(bytes32) {\n uint256 len = fileExistenceProofs[dappBoxOrigin].length;\n for(uint i = 0 ; i < len ; i++)\n {\n \n bool res = compareStrings(fileHash,fileExistenceProofs[dappBoxOrigin][i].fileHash) &&\n compareStrings(filePathHash,fileExistenceProofs[dappBoxOrigin][i].filePathHash);\n if(res == true )\n {\n return fileExistenceProofs[dappBoxOrigin][i].QRCodeHash;\n }\n\n }\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n\n\n/**\n *@dev function to get proof of existence using QR code\n */\n function searchExistenceProoUsngQRf(address dappBoxOrigin,bytes32 QRCodeHash) public view returns(uint256,address,address,BlockchainIdentification,bytes32) {\n uint256 len = fileExistenceProofs[dappBoxOrigin].length;\n for(uint i = 0 ; i < len ; i++)\n {\n if(QRCodeHash == fileExistenceProofs[dappBoxOrigin][i].QRCodeHash)\n {\n return( fileExistenceProofs[dappBoxOrigin][i].date,\n fileExistenceProofs[dappBoxOrigin][i].filesender,\n fileExistenceProofs[dappBoxOrigin][i].contractAddress,\n fileExistenceProofs[dappBoxOrigin][i].identifier,\n fileExistenceProofs[dappBoxOrigin][i].QRCodeHash);\n }\n }\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n\n\n}\n"
+ },
+ {
+ "contract": "buggy_20.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.10;\n\n/**\n * Copyright \u00a9 2017-2019 Ramp Network sp. z o.o. 
All rights reserved (MIT License).\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy of this software\n * and associated documentation files (the \"Software\"), to deal in the Software without restriction,\n * including without limitation the rights to use, copy, modify, merge, publish, distribute,\n * sublicense, and/or sell copies of the Software, and to permit persons to whom the Software\n * is furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in all copies\n * or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING\n * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE\n * AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\n * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n */\n\n\n/**\n * A standard, simple transferrable contract ownership.\n */\ncontract Ownable {\n\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\n uint256 bugv_tmstmp5 = block.timestamp;\n event OwnerChanged(address oldOwner, address newOwner);\n\n constructor() internal {\n owner = msg.sender;\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n modifier onlyOwner() {\n require(msg.sender == owner, \"only the owner can call this\");\n _;\n }\n\n function changeOwner(address _newOwner) external onlyOwner {\n owner = _newOwner;\n emit OwnerChanged(msg.sender, _newOwner);\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public 
{\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n}\n\n\n/**\n * A contract that can be stopped/restarted by its owner.\n */\ncontract Stoppable is Ownable {\n\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n bool public isActive = true;\n\n uint256 bugv_tmstmp1 = block.timestamp;\n event IsActiveChanged(bool _isActive);\n\n modifier onlyActive() {\n require(isActive, \"contract is stopped\");\n _;\n }\n\n function setIsActive(bool _isActive) external onlyOwner {\n if (_isActive == isActive) return;\n isActive = _isActive;\n emit IsActiveChanged(_isActive);\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n}\n\n/**\n * A simple interface used by the escrows contract (precisely AssetAdapters) to interact\n * with the liquidity pools.\n */\ncontract RampInstantPoolInterface {\n\n uint16 public ASSET_TYPE;\n\n function sendFundsToSwap(uint256 _amount)\n public /*onlyActive onlySwapsContract isWithinLimits*/ returns(bool success);\n\n}\n\n/**\n * An interface of the RampInstantEscrows functions that are used by the liquidity pool contracts.\n * See RampInstantEscrows.sol for more comments.\n */\ncontract RampInstantEscrowsPoolInterface {\n\n uint16 public ASSET_TYPE;\n\n function release(\n address _pool,\n address payable _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n )\n external;\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether 
to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n } /*statusAtLeast(Status.FINALIZE_ONLY) onlyOracleOrPool(_pool, _oracle)*/\n\n function returnFunds(\n address payable _pool,\n address _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n )\n external;\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}} /*statusAtLeast(Status.RETURN_ONLY) onlyOracleOrPool(_pool, _oracle)*/\n\n}\n\n/**\n * An abstract Ramp Instant Liquidity Pool. A liquidity provider deploys an instance of this\n * contract, and sends his funds to it. The escrows contract later withdraws portions of these\n * funds to be locked. The owner can withdraw any part of the funds at any time, or temporarily\n * block creating new escrows by stopping the contract.\n *\n * The pool owner can set and update min/max swap amounts, with an upper limit of 2^240 wei/units\n * (see `AssetAdapterWithFees` for more info).\n *\n * The paymentDetailsHash parameters works the same as in the `RampInstantEscrows` contract, only\n * with 0 value and empty transfer title. It describes the bank account where the pool owner expects\n * to be paid, and can be used to validate that a created swap indeed uses the same account.\n *\n * @author Ramp Network sp. 
z o.o.\n */\ncontract RampInstantPool is Ownable, Stoppable, RampInstantPoolInterface {\n\n uint256 constant private MAX_SWAP_AMOUNT_LIMIT = 1 << 240;\n uint16 public ASSET_TYPE;\n\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address payable public swapsContract;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public minSwapAmount;\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint256 public maxSwapAmount;\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bytes32 public paymentDetailsHash;\n\n /**\n * Triggered when the pool receives new funds, either a topup, or a returned escrow from an old\n * swaps contract if it was changed. Avilable for ETH, ERC-223 and ERC-777 token pools.\n * Doesn't work for plain ERC-20 tokens, since they don't provide such an interface.\n */\n uint256 bugv_tmstmp2 = block.timestamp;\n event ReceivedFunds(address _from, uint256 _amount);\n uint256 bugv_tmstmp3 = block.timestamp;\n event LimitsChanged(uint256 _minAmount, uint256 _maxAmount);\n uint256 bugv_tmstmp4 = block.timestamp;\n event SwapsContractChanged(address _oldAddress, address _newAddress);\n\n constructor(\n address payable _swapsContract,\n uint256 _minSwapAmount,\n uint256 _maxSwapAmount,\n bytes32 _paymentDetailsHash,\n uint16 _assetType\n )\n public\n validateLimits(_minSwapAmount, _maxSwapAmount)\n validateSwapsContract(_swapsContract, _assetType)\n {\n swapsContract = _swapsContract;\n paymentDetailsHash = _paymentDetailsHash;\n minSwapAmount = _minSwapAmount;\n maxSwapAmount = _maxSwapAmount;\n ASSET_TYPE = _assetType;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must 
send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function availableFunds() public view returns (uint256);\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n function withdrawFunds(address payable _to, uint256 _amount)\n public /*onlyOwner*/ returns (bool success);\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function withdrawAllFunds(address payable _to) public onlyOwner returns (bool success) {\n return withdrawFunds(_to, availableFunds());\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function setLimits(\n uint256 _minAmount,\n uint256 _maxAmount\n ) public onlyOwner validateLimits(_minAmount, _maxAmount) {\n minSwapAmount = _minAmount;\n maxSwapAmount = _maxAmount;\n emit LimitsChanged(_minAmount, _maxAmount);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function setSwapsContract(\n address payable _swapsContract\n ) public onlyOwner validateSwapsContract(_swapsContract, ASSET_TYPE) {\n address oldSwapsContract = swapsContract;\n swapsContract = _swapsContract;\n emit SwapsContractChanged(oldSwapsContract, _swapsContract);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 
transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function sendFundsToSwap(uint256 _amount)\n public /*onlyActive onlySwapsContract isWithinLimits*/ returns(bool success);\n\n function releaseSwap(\n address payable _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n ) external onlyOwner {\n RampInstantEscrowsPoolInterface(swapsContract).release(\n address(this),\n _receiver,\n _oracle,\n _assetData,\n _paymentDetailsHash\n );\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function returnSwap(\n address _receiver,\n address _oracle,\n bytes calldata _assetData,\n bytes32 _paymentDetailsHash\n ) external onlyOwner {\n RampInstantEscrowsPoolInterface(swapsContract).returnFunds(\n address(this),\n _receiver,\n _oracle,\n _assetData,\n _paymentDetailsHash\n );\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Needed for address(this) to be payable in call to returnFunds.\n * The Eth pool overrides this to not throw.\n */\n function () external payable {\n revert(\"this pool cannot receive ether\");\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n modifier onlySwapsContract() {\n require(msg.sender == swapsContract, \"only the swaps contract can call this\");\n _;\n }\n\n modifier 
isWithinLimits(uint256 _amount) {\n require(_amount >= minSwapAmount && _amount <= maxSwapAmount, \"amount outside swap limits\");\n _;\n }\n\n modifier validateLimits(uint256 _minAmount, uint256 _maxAmount) {\n require(_minAmount <= _maxAmount, \"min limit over max limit\");\n require(_maxAmount <= MAX_SWAP_AMOUNT_LIMIT, \"maxAmount too high\");\n _;\n }\n\n modifier validateSwapsContract(address payable _swapsContract, uint16 _assetType) {\n require(_swapsContract != address(0), \"null swaps contract address\");\n require(\n RampInstantEscrowsPoolInterface(_swapsContract).ASSET_TYPE() == _assetType,\n \"pool asset type doesn't match swap contract\"\n );\n _;\n }\n\n}\n\n/**\n * A pool that implements handling of ETH assets. See `RampInstantPool`.\n *\n * @author Ramp Network sp. z o.o.\n */\ncontract RampInstantEthPool is RampInstantPool {\n\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint16 internal constant ETH_TYPE_ID = 1;\n\n constructor(\n address payable _swapsContract,\n uint256 _minSwapAmount,\n uint256 _maxSwapAmount,\n bytes32 _paymentDetailsHash\n )\n public\n RampInstantPool(\n _swapsContract, _minSwapAmount, _maxSwapAmount, _paymentDetailsHash, ETH_TYPE_ID\n )\n {}\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function availableFunds() public view returns(uint256) {\n return address(this).balance;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function withdrawFunds(\n address payable _to,\n uint256 _amount\n ) public onlyOwner returns (bool success) {\n _to.transfer(_amount); // always throws on failure\n 
return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function sendFundsToSwap(\n uint256 _amount\n ) public onlyActive onlySwapsContract isWithinLimits(_amount) returns(bool success) {\n swapsContract.transfer(_amount); // always throws on failure\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /**\n * This adapter can receive eth payments, but no other use of the fallback function is allowed.\n */\n function () external payable {\n require(msg.data.length == 0, \"invalid pool function called\");\n if (msg.sender != swapsContract) {\n emit ReceivedFunds(msg.sender, msg.value);\n }\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n}\n"
+ },
+ {
+ "contract": "buggy_34.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-27\n*/\n\npragma solidity ^0.5.11;\n\n\ncontract Ownable {\n function bug_tmstmp28 () public payable {\n\tuint pastBlockTime_tmstmp28; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp28); // only 1 transaction per block //bug\n pastBlockTime_tmstmp28 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address payable public owner;\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n\n 
modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n function transferOwnership(address payable _newOwner) public onlyOwner {\n owner = _newOwner;\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\n\nlibrary SafeMath {\n /**\n * @dev Returns the addition of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `+` operator.\n *\n * Requirements:\n * - Addition cannot overflow.\n */\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the subtraction of two unsigned integers, reverting on\n * overflow (when the result is negative).\n *\n * Counterpart to Solidity's `-` operator.\n *\n * Requirements:\n * - Subtraction cannot overflow.\n */\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n /**\n * @dev Returns the multiplication of two unsigned integers, reverting on\n * overflow.\n *\n * Counterpart to Solidity's `*` operator.\n *\n * Requirements:\n * - Multiplication cannot overflow.\n */\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n // Gas optimization: this is cheaper than requiring 'a' not being zero, but the\n // benefit is lost if 'b' is also tested.\n // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n /**\n * @dev Returns the integer division of two unsigned integers. Reverts on\n * division by zero. The result is rounded towards zero.\n *\n * Counterpart to Solidity's `/` operator. 
Note: this function uses a\n * `revert` opcode (which leaves remaining gas untouched) while Solidity\n * uses an invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n // Solidity only automatically asserts when dividing by 0\n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n // assert(a == b * c + a % b); // There is no case in which this doesn't hold\n\n return c;\n }\n\n /**\n * @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),\n * Reverts when dividing by zero.\n *\n * Counterpart to Solidity's `%` operator. This function uses a `revert`\n * opcode (which leaves remaining gas untouched) while Solidity uses an\n * invalid opcode to revert (consuming all remaining gas).\n *\n * Requirements:\n * - The divisor cannot be zero.\n */\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\ncontract LollypopToken is Ownable {\n using SafeMath for uint256;\n\n address winner_tmstmp34;\nfunction play_tmstmp34(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp34 = msg.sender;}}\n mapping (address => transferMapping) private _balances;\n\n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) private _allowances;\n\n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n uint256 private _totalSupply;\n address winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n uint256 public _maxTotalSupply;\n \n\n function bug_tmstmp12 () public payable 
{\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n string private _name = \"Lollypop\";\n address winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n string private _symbol = \"Lolly\";\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint8 private _decimals= 18;\n \n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n uint256 public maxAgeOfToken = 365 days;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public minAgeOfToken = 1 days;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 public perDayBonus = 100; // Divisible 1/100 (0.1 %)\n \n struct transferMapping{\n uint256 amount;\n uint256 time;\n }\n \n \n constructor() public {\n _maxTotalSupply = 1000000000 * 10 ** 18;\n _totalSupply = 2000000 * 10 ** 18;\n\n _balances[msg.sender].amount = _totalSupply;\n _balances[msg.sender].time = now;\n \n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function calculateBonus(uint256 timeElasped , uint256 amount) public view returns(uint256){\n uint256 totalDays = timeElasped.div(minAgeOfToken);\n if(totalDays > maxAgeOfToken){\n totalDays = maxAgeOfToken;\n }\n uint256 totalBonus = (totalDays * amount).div(perDayBonus);\n return totalBonus;\n \n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public 
{\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n \n \n function _transfer(address sender, address recipient, uint256 amount) internal {\n require(sender != address(0), \"ERC20: transfer from the zero address\");\n require(recipient != address(0), \"ERC20: transfer to the zero address\");\n \n uint256 senderTimeElasped = now - (_balances[sender].time);\n uint256 recipientTimeElasped = now - (_balances[recipient].time);\n \n if(senderTimeElasped >= minAgeOfToken && (_totalSupply < _maxTotalSupply)){\n uint256 bonus = calculateBonus(senderTimeElasped , balanceOf(sender));\n mint(sender , bonus);\n }\n \n if(recipientTimeElasped >= minAgeOfToken && (_totalSupply < _maxTotalSupply) && sender!= recipient){\n uint256 bonus = calculateBonus(recipientTimeElasped , balanceOf(recipient));\n mint(recipient , bonus);\n }\n \n \n _balances[sender].amount = _balances[sender].amount.sub(amount);\n _balances[recipient].amount = _balances[recipient].amount.add(amount);\n \n _balances[sender].time = now;\n _balances[recipient].time = now;\n \n emit Transfer(sender, recipient, amount);\n \n\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n\n /**\n * @dev Returns the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Returns the symbol of the token, usually a shorter version of the\n * name.\n */\n function symbol() public view returns (string memory) {\n 
return _symbol;\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Returns the number of decimals used to get its user representation.\n * For example, if `decimals` equals `2`, a balance of `505` tokens should\n * be displayed to a user as `5,05` (`505 / 10 ** 2`).\n *\n * Tokens usually opt for a value of 18, imitating the relationship between\n * Ether and Wei.\n *\n * > Note that this information is only used for _display_ purposes: it in\n * no way affects any of the arithmetic of the contract, including\n * `IERC20.balanceOf` and `IERC20.transfer`.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n \n modifier onlyLollypopAndOwner {\n require(msg.sender == address(this) || msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n \n /**\n * @dev Emitted when `value` tokens are moved from one account (`from`) to\n * another (`to`).\n *\n * Note that `value` may be zero.\n */\n uint256 bugv_tmstmp3 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n\n /**\n * @dev Emitted when the allowance of a `spender` for an `owner` is set by\n * a call to `approve`. 
`value` is the new allowance.\n */\n uint256 bugv_tmstmp4 = block.timestamp;\n event Approval(address indexed owner, address indexed spender, uint256 value);\n \n \n \n \n /** @dev Creates `amount` tokens and assigns them to `account`, increasing\n * the total supply.\n *\n * Emits a `Transfer` event with `from` set to the zero address.\n *\n * Requirements\n *\n * - `to` cannot be the zero address.\n */\n function mint(address account, uint256 amount) internal {\n require(account != address(0), \"ERC20: mint to the zero address\");\n\n _totalSupply = _totalSupply.add(amount);\n _balances[account].amount = _balances[account].amount.add(amount);\n emit Transfer(address(0), account, amount);\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n \n\n /**\n * @dev See `IERC20.totalSupply`.\n */\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n /**\n * @dev See `IERC20.balanceOf`.\n */\n function balanceOf(address account) public view returns (uint256) {\n return _balances[account].amount;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n\n function timeOf(address account) public view returns (uint256) {\n return _balances[account].time;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == 
block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n /**\n * @dev See `IERC20.transfer`.\n *\n * Requirements:\n *\n * - `recipient` cannot be the zero address.\n * - the caller must have a balance of at least `amount`.\n */\n function transfer(address recipient, uint256 amount) public returns (bool) {\n _transfer(msg.sender, recipient, amount);\n return true;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n \n function multiTransfer(address[] memory receivers, uint256[] memory amounts) public {\n require(receivers.length == amounts.length);\n for (uint256 i = 0; i < receivers.length; i++) {\n transfer(receivers[i], amounts[i]);\n }\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n /**\n * @dev See `IERC20.allowance`.\n */\n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowances[owner][spender];\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n /**\n * @dev See `IERC20.approve`.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per 
block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev See `IERC20.transferFrom`.\n *\n * Emits an `Approval` event indicating the updated allowance. This is not\n * required by the EIP. See the note at the beginning of `ERC20`;\n *\n * Requirements:\n * - `sender` and `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `value`.\n * - the caller must have allowance for `sender`'s tokens of at least\n * `amount`.\n */\n function transferFrom(address sender, address recipient, uint256 amount) public returns (bool) {\n _transfer(sender, recipient, amount);\n _approve(sender, msg.sender, _allowances[sender][msg.sender].sub(amount));\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /**\n * @dev Atomically increases the allowance granted to `spender` by the caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n */\n function increaseAllowance(address spender, uint256 addedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].add(addedValue));\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Atomically decreases the allowance granted to `spender` by the 
caller.\n *\n * This is an alternative to `approve` that can be used as a mitigation for\n * problems described in `IERC20.approve`.\n *\n * Emits an `Approval` event indicating the updated allowance.\n *\n * Requirements:\n *\n * - `spender` cannot be the zero address.\n * - `spender` must have allowance for the caller of at least\n * `subtractedValue`.\n */\n function decreaseAllowance(address spender, uint256 subtractedValue) public returns (bool) {\n _approve(msg.sender, spender, _allowances[msg.sender][spender].sub(subtractedValue));\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n \n\n /**\n * @dev Moves tokens `amount` from `sender` to `recipient`.\n *\n * This is internal function is equivalent to `transfer`, and can be used to\n * e.g. implement automatic token fees, slashing mechanisms, etc.\n *\n * Emits a `Transfer` event.\n *\n * Requirements:\n *\n * - `sender` cannot be the zero address.\n * - `recipient` cannot be the zero address.\n * - `sender` must have a balance of at least `amount`.\n */\n \n\n /**\n * @dev Destoys `amount` tokens from `account`, reducing the\n * total supply.\n *\n * Emits a `Transfer` event with `to` set to the zero address.\n *\n * Requirements\n *\n * - `account` cannot be the zero address.\n * - `account` must have at least `amount` tokens.\n */\n function _burn(address account, uint256 value) internal {\n require(account != address(0), \"ERC20: burn from the zero address\");\n\n _totalSupply = _totalSupply.sub(value);\n _balances[account].amount = _balances[account].amount.sub(value);\n emit Transfer(account, address(0), value);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /**\n * @dev Sets `amount` as the allowance of `spender` over the `owner`s tokens.\n *\n * This is internal function is 
equivalent to `approve`, and can be used to\n * e.g. set automatic allowances for certain subsystems, etc.\n *\n * Emits an `Approval` event.\n *\n * Requirements:\n *\n * - `owner` cannot be the zero address.\n * - `spender` cannot be the zero address.\n */\n function _approve(address owner, address spender, uint256 value) internal {\n require(owner != address(0), \"ERC20: approve from the zero address\");\n require(spender != address(0), \"ERC20: approve to the zero address\");\n\n _allowances[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /**\n * @dev Destoys `amount` tokens from `account`.`amount` is then deducted\n * from the caller's allowance.\n *\n * See `_burn` and `_approve`.\n */\n function _burnFrom(address account, uint256 amount) internal {\n _burn(account, amount);\n _approve(account, msg.sender, _allowances[account][msg.sender].sub(amount));\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n"
+ },
+ {
+ "contract": "timed_crowdsale.sol",
+ "label": "time_manipulation",
+ "code": "/*\n * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/timestamp_dependence/timed_crowdsale.sol\n * @author: -\n * @vulnerable_at_lines: 13\n */\n\npragma solidity ^0.4.25;\n\ncontract TimedCrowdsale {\n // Sale should finish exactly at January 1, 2019\n function isSaleFinished() view public returns (bool) {\n // TIME_MANIPULATION\n return block.timestamp >= 1546300800;\n }\n}\n"
+ },
+ {
+ "contract": "roulette.sol",
+ "label": "time_manipulation",
+ "code": "/*\n * @source: https://github.com/sigp/solidity-security-blog\n * @author: -\n * @vulnerable_at_lines: 18,20\n */\n\npragma solidity ^0.4.25;\n\ncontract Roulette {\n uint public pastBlockTime; // Forces one bet 
per block\n\n constructor() public payable {} // initially fund contract\n\n // fallback function used to make a bet\n function () public payable {\n require(msg.value == 10 ether); // must send 10 ether to play\n // TIME_MANIPULATION\n require(now != pastBlockTime); // only 1 transaction per block\n // TIME_MANIPULATION\n pastBlockTime = now;\n if(now % 15 == 0) { // winner\n msg.sender.transfer(this.balance);\n }\n }\n}\n"
+ },
+ {
+ "contract": "lottopollo.sol",
+ "label": "time_manipulation",
+ "code": "/*\n * @source: https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/timestampdependent.sol\n * @author: -\n * @vulnerable_at_lines: 13,27\n */\n\npragma solidity ^0.4.0;\ncontract lottopollo {\n address leader;\n uint timestamp;\n function payOut(uint rand) internal {\n // TIME MANIPULATION\n if ( rand> 0 && now - rand > 24 hours ) {\n msg.sender.send( msg.value );\n\n if ( this.balance > 0 ) {\n leader.send( this.balance );\n }\n }\n else if ( msg.value >= 1 ether ) {\n leader = msg.sender;\n timestamp = rand;\n }\n }\n function randomGen() constant returns (uint randomNumber) {\n // TIME MANIPULATION\n return block.timestamp; \n }\n function draw(uint seed){\n uint randomNumber=randomGen(); \n payOut(randomNumber);\n }\n}"
+ },
+ {
+ "contract": "buggy_5.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.11;\n\ncontract Ownable {\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\nuint256 bugv_tmstmp5 = block.timestamp;\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n\n\n /**\n * @dev The Ownable constructor sets the original `owner` of the contract to the sender\n * account.\n */\n constructor () public {\n owner = msg.sender;\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // 
Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * @dev Throws if called by any account other than the owner.\n */\n modifier onlyOwner() {\n require(msg.sender == owner);\n _;\n }\n\n /**\n * @dev Allows the current owner to transfer control of the contract to a newOwner.\n * @param newOwner The address to transfer ownership to.\n */\n function transferOwnership(address newOwner) public onlyOwner {\n require(newOwner != address(0));\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n}\n\ncontract TokenERC20 {\n // Public variables of the token\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n string public name;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol;\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint256 public totalSupply;\n\n // This creates an array with all balances\n function bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => uint256) public balanceOf;\n function bug_tmstmp25() view public returns (bool) {\n return block.timestamp 
>= 1546300800;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp1 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp2 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n uint256 bugv_tmstmp3 = block.timestamp;\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constrctor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. 
Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value > balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` in behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n 
/**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens in your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n /**\n * Set allowance for other address and notify\n \n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n 
allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract TTC is Ownable, TokenERC20 {\n\n address winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n uint256 public sellPrice;\n address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n uint256 public buyPrice;\n\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => bool) public frozenAccount;\n\n /* This generates a public event on the blockchain that will notify clients */\n uint256 bugv_tmstmp4 = block.timestamp;\n event FrozenFunds(address target, bool frozen);\n\n /* Initializes contract with initial supply tokens to the creator of the contract */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) TokenERC20(initialSupply, tokenName, tokenSymbol) public {}\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != 
pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /* Internal transfer, only can be called by this contract */\n function _transfer(address _from, address _to, uint _value) internal {\n require (_to != address(0x0)); // Prevent transfer to 0x0 address. Use burn() instead\n require (balanceOf[_from] >= _value); // Check if the sender has enough\n require (balanceOf[_to] + _value >= balanceOf[_to]); // Check for overflows\n require(!frozenAccount[_from]); // Check if sender is frozen\n require(!frozenAccount[_to]); // Check if recipient is frozen\n balanceOf[_from] -= _value; // Subtract from the sender\n balanceOf[_to] += _value; // Add the same to the recipient\n emit Transfer(_from, _to, _value);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /// @notice Create `mintedAmount` tokens and send it to `target`\n /// @param target Address to receive the tokens\n /// @param mintedAmount the amount of tokens it will receive\n function mintToken(address target, uint256 mintedAmount) onlyOwner public {\n balanceOf[target] += mintedAmount;\n totalSupply += mintedAmount;\n emit Transfer(address(0), address(this), mintedAmount);\n emit Transfer(address(this), target, mintedAmount);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /// @notice `freeze? 
Prevent | Allow` `target` from sending & receiving tokens\n /// @param target Address to be frozen\n /// @param freeze either to freeze it or not\n function freezeAccount(address target, bool freeze) onlyOwner public {\n frozenAccount[target] = freeze;\n emit FrozenFunds(target, freeze);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth\n /// @param newSellPrice Price the users can sell to the contract\n /// @param newBuyPrice Price users can buy from the contract\n function setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public {\n sellPrice = newSellPrice;\n buyPrice = newBuyPrice;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /// @notice Buy tokens from contract by sending ether\n function buy() payable public {\n uint amount = msg.value / buyPrice; // calculates the amount\n _transfer(address(this), msg.sender, amount); // makes the transfers\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /// @notice Sell `amount` tokens to contract\n /// @param amount amount of tokens to be sold\n function sell(uint256 amount) public {\n address myAddress = address(this);\n require(myAddress.balance >= amount * sellPrice); // checks if the contract has enough ether to buy\n _transfer(msg.sender, address(this), amount); // makes the transfers\n msg.sender.transfer(amount * sellPrice); // sends ether to the seller. 
It's important to do this last to avoid recursion attacks\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}"
+ },
+ {
+ "contract": "buggy_41.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-25\n*/\n\n/**\n *Submitted for verification at Etherscan.io on 2019-05-23\n*/\n\npragma solidity ^0.5.8;\n\ninterface tokenRecipient { \n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\ncontract AO {\n // Public variables of the token\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n string public name;\n address winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n string public symbol;\n address winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n uint8 public decimals = 18;\n // 18 decimals is the strongly suggested default, avoid changing it\n function bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 public totalSupply;\n\n // This creates an array with all balances\n address winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n mapping (address => uint256) public balanceOf;\n function bug_tmstmp36 () 
public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp2 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n \n // This generates a public event on the blockchain that will notify clients\n uint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\n // This notifies clients about the amount burnt\n uint256 bugv_tmstmp4 = block.timestamp;\n event Burn(address indexed from, uint256 value);\n\n /**\n * Constructor function\n *\n * Initializes contract with initial supply tokens to the creator of the contract\n */\n constructor(\n uint256 initialSupply,\n string memory tokenName,\n string memory tokenSymbol\n ) public {\n totalSupply = initialSupply * 10 ** uint256(decimals); // Update total supply with the decimal amount\n balanceOf[msg.sender] = totalSupply; // Give the creator all initial tokens\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; // Set the symbol for display purposes\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n /**\n * Internal transfer, only can be called by this contract\n */\n function _transfer(address _from, address _to, uint _value) internal {\n // Prevent transfer to 0x0 address. 
Use burn() instead\n require(_to != address(0x0));\n // Check if the sender has enough\n require(balanceOf[_from] >= _value);\n // Check for overflows\n require(balanceOf[_to] + _value >= balanceOf[_to]);\n // Save this for an assertion in the future\n uint previousBalances = balanceOf[_from] + balanceOf[_to];\n // Subtract from the sender\n balanceOf[_from] -= _value;\n // Add the same to the recipient\n balanceOf[_to] += _value;\n emit Transfer(_from, _to, _value);\n // Asserts are used to use static analysis to find bugs in your code. They should never fail\n assert(balanceOf[_from] + balanceOf[_to] == previousBalances);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n /**\n * Transfer tokens\n *\n * Send `_value` tokens to `_to` from your account\n *\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * Transfer tokens from other address\n *\n * Send `_value` tokens to `_to` on behalf of `_from`\n *\n * @param _from The address of the sender\n * @param _to The address of the recipient\n * @param _value the amount to send\n */\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n allowance[_from][msg.sender] -= _value;\n _transfer(_from, _to, _value);\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public 
{\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n /**\n * Set allowance for other address\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n */\n function approve(address _spender, uint256 _value) public\n returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n /**\n * Set allowance for other address and notify\n *\n * Allows `_spender` to spend no more than `_value` tokens on your behalf, and then ping the contract about it\n *\n * @param _spender The address authorized to spend\n * @param _value the max amount they can spend\n * @param _extraData some extra information to send to the approved contract\n */\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData)\n public\n returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n /**\n * Destroy tokens\n *\n * Remove `_value` tokens from the system irreversibly\n *\n * @param _value the amount of money to burn\n */\n function burn(uint256 _value) public returns (bool success) {\n require(balanceOf[msg.sender] >= _value); // Check if the sender has enough\n balanceOf[msg.sender] -= _value; // Subtract from the sender\n totalSupply -= _value; // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n /**\n * 
Destroy tokens from other account\n *\n * Remove `_value` tokens from the system irreversibly on behalf of `_from`.\n *\n * @param _from the address of the sender\n * @param _value the amount of money to burn\n */\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n require(balanceOf[_from] >= _value); // Check if the targeted balance is enough\n require(_value <= allowance[_from][msg.sender]); // Check allowance\n balanceOf[_from] -= _value; // Subtract from the targeted balance\n allowance[_from][msg.sender] -= _value; // Subtract from the sender's allowance\n totalSupply -= _value; // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_17.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Thursday, March 21, 2019\n (UTC) */\n\npragma solidity ^0.5.6;\n\n\nlibrary SafeMath {\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n if (a == 0) {\n return 0;\n }\n uint256 c = a * b;\n require(c / a == b);\n return c;\n }\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b > 0);\n uint256 c = a / b;\n return c;\n }\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n return c;\n }\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a && c >= b);\n return c;\n }\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n function max256(uint256 a, uint256 b) internal pure returns (uint256) {\n return a >= b ? a : b;\n }\n function min256(uint256 a, uint256 b) internal pure returns (uint256) {\n return a < b ? 
a : b;\n }\n\n}\n\n\n\n\ncontract owned {\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address public owner;\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n function transferOwnership(address newOwner) onlyOwner public {\n owner = newOwner;\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n}\n\ninterface tokenRecipient {\n function receiveApproval(address _from, uint256 _value, address _token, bytes calldata _extraData) external; \n}\n\n\ncontract TokenERC20 {\n using SafeMath for uint256;\naddress winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n string public name;\nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n string public symbol;\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint8 public decimals;\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n uint256 public totalSupply;\n\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => uint256) public balanceOf;\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping (address => mapping (address => uint256)) public allowance;\n\nuint256 bugv_tmstmp2 = 
block.timestamp;\n event Transfer(address indexed from, address indexed to, uint256 value);\n\nuint256 bugv_tmstmp3 = block.timestamp;\n event Approval(address indexed _owner, address indexed _spender, uint256 _value);\n\nuint256 bugv_tmstmp4 = block.timestamp;\n event Burn(address indexed from, uint256 value);\n\n\n constructor(string memory tokenName, string memory tokenSymbol, uint8 dec) public {\n decimals = dec;\n name = tokenName; // Set the name for display purposes\n symbol = tokenSymbol; \n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function _transfer(address _from, address _to, uint _value) internal {\n require(_to != address(0x0));\n balanceOf[_from] = balanceOf[_from].sub(_value);\n balanceOf[_to] = balanceOf[_to].add(_value);\n emit Transfer(_from, _to, _value);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function transfer(address _to, uint256 _value) public returns (bool success) {\n _transfer(msg.sender, _to, _value);\n return true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {\n allowance[_from][msg.sender] = allowance[_from][msg.sender].sub(_value);\n\t\t_transfer(_from, _to, _value);\n\t\treturn true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == 
_vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n\n function approve(address _spender, uint256 _value) public returns (bool success) {\n allowance[msg.sender][_spender] = _value;\n emit Approval(msg.sender, _spender, _value);\n return true;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n\n function approveAndCall(address _spender, uint256 _value, bytes memory _extraData) public returns (bool success) {\n tokenRecipient spender = tokenRecipient(_spender);\n if (approve(_spender, _value)) {\n spender.receiveApproval(msg.sender, _value, address(this), _extraData);\n return true;\n }\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n}\n\n\n/******************************************/\n/* ADVANCED TOKEN STARTS HERE */\n/******************************************/\n\ncontract AZT is owned, TokenERC20 {\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n\tstring _tokenName = \"AZ FundChain\"; address winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n\tstring _tokenSymbol = \"AZT\";\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 
= now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint8 _decimals = 18;\n\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n address[] public frozenAddresses;\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n bool public tokenFrozen;\n\n struct frozenWallet {\n bool isFrozen; //true or false\n uint256 rewardedAmount; //amount\n uint256 frozenAmount; //amount\n uint256 frozenTime; // in days\n }\n\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => frozenWallet) public frozenWallets;\n\n\n\n constructor() TokenERC20(_tokenName, _tokenSymbol, _decimals) public {\n\n /*Wallet A */\n frozenAddresses.push(address(0x9fd50776F133751E8Ae6abE1Be124638Bb917E05));\n frozenWallets[frozenAddresses[0]] = frozenWallet({\n isFrozen: true,\n rewardedAmount: 30000000 * 10 ** uint256(decimals),\n frozenAmount: 0 * 10 ** uint256(decimals),\n frozenTime: now + 1 * 1 hours //seconds, minutes, hours, days\n });\n\n for (uint256 i = 0; i < frozenAddresses.length; i++) {\n balanceOf[frozenAddresses[i]] = frozenWallets[frozenAddresses[i]].rewardedAmount;\n totalSupply = totalSupply.add(frozenWallets[frozenAddresses[i]].rewardedAmount);\n }\n }\nfunction 
bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function _transfer(address _from, address _to, uint _value) internal {\n require(_to != address(0x0));\n require(checkFrozenWallet(_from, _value));\n balanceOf[_from] = balanceOf[_from].sub(_value); \n balanceOf[_to] = balanceOf[_to].add(_value); \n emit Transfer(_from, _to, _value);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function checkFrozenWallet(address _from, uint _value) public view returns (bool) {\n return(\n _from==owner || \n (!tokenFrozen && \n (!frozenWallets[_from].isFrozen || \n now>=frozenWallets[_from].frozenTime || \n balanceOf[_from].sub(_value)>=frozenWallets[_from].frozenAmount))\n );\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n\n function burn(uint256 _value) onlyOwner public returns (bool success) {\n balanceOf[msg.sender] = balanceOf[msg.sender].sub(_value); // Subtract from the sender\n totalSupply = totalSupply.sub(_value); // Updates totalSupply\n emit Burn(msg.sender, _value);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n function burnFrom(address _from, uint256 _value) public returns (bool success) {\n balanceOf[_from] = balanceOf[_from].sub(_value); // Subtract from the targeted balance\n allowance[_from][msg.sender] = allowance[_from][msg.sender].sub(_value); // Subtract from the sender's 
allowance\n totalSupply = totalSupply.sub(_value); // Update totalSupply\n emit Burn(_from, _value);\n return true;\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function freezeToken(bool freeze) onlyOwner public {\n tokenFrozen = freeze;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n}\n"
+ },
+ {
+ "contract": "buggy_18.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-28\n*/\n\npragma solidity ^0.5.9;\n \n// 'Yesbuzz' contract\n// Mineable & Deflationary ERC20 Token using Proof Of Work\n//\n// Symbol : YESBUZ\n// Name : Yesbuzz \n// Total supply: 21,000,000.00\n// Decimals : 8\n//\n// ----------------------------------------------------------------------------\n\n// ----------------------------------------------------------------------------\n// Safe maths\n// ----------------------------------------------------------------------------\n\nlibrary SafeMath {\n\n function add(uint a, uint b) internal pure returns(uint c) {\n c = a + b;\n require(c >= a);\n }\n\n function sub(uint a, uint b) internal pure returns(uint c) {\n require(b <= a);\n c = a - b;\n }\n\n function mul(uint a, uint b) internal pure returns(uint c) {\n c = a * b;\n require(a == 0 || c / a == b);\n }\n\n function div(uint a, uint b) internal pure returns(uint c) {\n require(b > 0);\n c = a / b;\n }\n\n}\n\nlibrary ExtendedMath {\n\n //return the smaller of the two inputs (a or b)\n function limitLessThan(uint a, uint b) internal pure returns(uint c) {\n if (a > b) return b;\n return a;\n }\n}\n\n// ----------------------------------------------------------------------------\n// ERC Token Standard #20 Interface\n// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n// ----------------------------------------------------------------------------\n\ncontract ERC20Interface {\n\n function totalSupply() public view returns(uint);\naddress 
winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n function balanceOf(address tokenOwner) public view returns(uint balance);\nfunction bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block //bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n function allowance(address tokenOwner, address spender) public view returns(uint remaining);\naddress winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n function transfer(address to, uint tokens) public returns(bool success);\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n function approve(address spender, uint tokens) public returns(bool success);\naddress winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n function transferFrom(address from, address to, uint tokens) public returns(bool success);\nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint256 bugv_tmstmp1 = block.timestamp;\n event Transfer(address indexed from, address indexed to, uint tokens);\n uint256 bugv_tmstmp2 = block.timestamp;\n event Approval(address indexed tokenOwner, address indexed spender, uint tokens);\n\n}\n\n// ----------------------------------------------------------------------------\n// Contract function to receive approval and execute function in one call\n//\n// Borrowed from MiniMeToken\n// 
----------------------------------------------------------------------------\n\ncontract ApproveAndCallFallBack {\n\n function receiveApproval(address from, uint256 tokens, address token, bytes memory data) public;\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n}\n\n// ----------------------------------------------------------------------------\n// Owned contract\n// ----------------------------------------------------------------------------\n\ncontract Owned {\n\n address public owner;\n address public newOwner;\n\n uint256 bugv_tmstmp3 = block.timestamp;\n event OwnershipTransferred(address indexed _from, address indexed _to);\n\n constructor() public {\n owner = msg.sender;\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n\n modifier onlyOwner {\n require(msg.sender == owner);\n _;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n function transferOwnership(address _newOwner) public onlyOwner {\n newOwner = _newOwner;\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function acceptOwnership() public {\n require(msg.sender == newOwner);\n emit OwnershipTransferred(owner, newOwner);\n owner = newOwner;\n newOwner = address(0);\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n}\n\n// ----------------------------------------------------------------------------\n// ERC20 Token, with the addition of symbol, name and decimals and an\n// initial fixed supply\n// ----------------------------------------------------------------------------\n\ncontract _Yesbuzz is ERC20Interface, Owned {\n\n using SafeMath for uint;\n using ExtendedMath for uint;\n\n string public symbol;\n string public name;\n uint8 public decimals;\n uint public _totalSupply;\n uint public 
latestDifficultyPeriodStarted;\n uint public epochCount; //number of 'blocks' mined\n uint public _BLOCKS_PER_READJUSTMENT = 1024;\n\n //a little number\n uint public _MINIMUM_TARGET = 2 ** 16;\n\n //a big number is easier ; just find a solution that is smaller\n //uint public _MAXIMUM_TARGET = 2**224; bitcoin uses 224\n uint public _MAXIMUM_TARGET = 2 ** 234;\n uint public miningTarget;\n bytes32 public challengeNumber; //generate a new one when a new reward is minted\n address winner_tmstmp18;\nfunction play_tmstmp18(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp18 = msg.sender;}}\n uint public rewardEra;\n function bug_tmstmp29() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n uint public maxSupplyForEra;\n address winner_tmstmp6;\nfunction play_tmstmp6(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp6 = msg.sender;}}\n address public lastRewardTo;\n function bug_tmstmp16 () public payable {\n\tuint pastBlockTime_tmstmp16; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp16); // only 1 transaction per block //bug\n pastBlockTime_tmstmp16 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint public lastRewardAmount;\n function bug_tmstmp24 () public payable {\n\tuint pastBlockTime_tmstmp24; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp24); // only 1 transaction per block //bug\n pastBlockTime_tmstmp24 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint public lastRewardEthBlockNumber;\n function bug_tmstmp5() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bool locked = false;\n address winner_tmstmp15;\nfunction play_tmstmp15(uint 
startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp15 = msg.sender;}}\n mapping(bytes32 => bytes32) solutionForChallenge;\n function bug_tmstmp28 () public payable {\n\tuint pastBlockTime_tmstmp28; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp28); // only 1 transaction per block //bug\n pastBlockTime_tmstmp28 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint public tokensMinted;\n address winner_tmstmp34;\nfunction play_tmstmp34(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp34 = msg.sender;}}\n mapping(address => uint) balances;\n function bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(address => mapping(address => uint)) allowed;\n address winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n uint public burnPercent;\n\n uint256 bugv_tmstmp4 = block.timestamp;\n event Mint(address indexed from, uint reward_amount, uint epochCount, bytes32 newChallengeNumber);\n\n // ------------------------------------------------------------------------\n // Constructor\n // ------------------------------------------------------------------------\n\n constructor() public onlyOwner {\n\n symbol = \"YESBUZ\";\n name = \"Yesbuzz\";\n decimals = 8;\n _totalSupply = 21000000 * 10 ** uint(decimals);\n if (locked) revert();\n locked = true;\n tokensMinted = 0;\n rewardEra = 0;\n maxSupplyForEra = _totalSupply.div(2);\n miningTarget = _MAXIMUM_TARGET;\n latestDifficultyPeriodStarted = block.number;\n burnPercent = 10; //it's divided by 1000, then 10/1000 = 0.01 = 1%\n _startNewMiningEpoch();\n\n //The owner gets nothing! 
You must mine this ERC20 token\n //balances[owner] = _totalSupply;\n //Transfer(address(0), owner, _totalSupply);\n\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n function mint(uint256 nonce, bytes32 challenge_digest) public returns(bool success) {\n //the PoW must contain work that includes a recent ethereum block hash (challenge number) and the msg.sender's address to prevent MITM attacks\n bytes32 digest = keccak256(abi.encodePacked(challengeNumber, msg.sender, nonce));\n //the challenge digest must match the expected\n if (digest != challenge_digest) revert();\n //the digest must be smaller than the target\n if (uint256(digest) > miningTarget) revert();\n //only allow one reward for each challenge\n bytes32 solution = solutionForChallenge[challengeNumber];\n solutionForChallenge[challengeNumber] = digest;\n if (solution != 0x0) revert(); //prevent the same answer from awarding twice\n uint reward_amount = getMiningReward();\n balances[msg.sender] = balances[msg.sender].add(reward_amount);\n tokensMinted = tokensMinted.add(reward_amount);\n //Cannot mint more tokens than there are\n assert(tokensMinted <= maxSupplyForEra);\n //set readonly diagnostics data\n lastRewardTo = msg.sender;\n lastRewardAmount = reward_amount;\n lastRewardEthBlockNumber = block.number;\n _startNewMiningEpoch();\n emit Mint(msg.sender, reward_amount, epochCount, challengeNumber);\n return true;\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n //a new 'block' to be mined\n function _startNewMiningEpoch() internal {\n //if max supply for the era will be exceeded next reward round then enter the new era before that happens\n //40 is the final reward era, almost all tokens minted\n //once the final era is reached, more 
tokens will not be given out because the assert function\n if (tokensMinted.add(getMiningReward()) > maxSupplyForEra && rewardEra < 39) {\n rewardEra = rewardEra + 1;\n }\n //set the next minted supply at which the era will change\n // total supply is 2100000000000000 because of 8 decimal places\n maxSupplyForEra = _totalSupply - _totalSupply.div(2 ** (rewardEra + 1));\n epochCount = epochCount.add(1);\n //every so often, readjust difficulty. Dont readjust when deploying\n if (epochCount % _BLOCKS_PER_READJUSTMENT == 0) {\n _reAdjustDifficulty();\n }\n //make the latest ethereum block hash a part of the next challenge for PoW to prevent pre-mining future blocks\n //do this last since this is a protection mechanism in the mint() function\n challengeNumber = blockhash(block.number - 1);\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n //https://en.bitcoin.it/wiki/Difficulty#What_is_the_formula_for_difficulty.3F\n //as of 2017 the bitcoin difficulty was up to 17 zeroes, it was only 8 in the early days\n //readjust the target by 5 percent\n function _reAdjustDifficulty() internal {\n uint ethBlocksSinceLastDifficultyPeriod = block.number - latestDifficultyPeriodStarted;\n //assume 360 ethereum blocks per hour\n //we want miners to spend 10 minutes to mine each 'block', about 60 ethereum blocks = one BitcoinSoV epoch\n uint epochsMined = _BLOCKS_PER_READJUSTMENT; //256\n uint targetEthBlocksPerDiffPeriod = epochsMined * 60; //should be 60 times slower than ethereum\n //if there were less eth blocks passed in time than expected\n if (ethBlocksSinceLastDifficultyPeriod < targetEthBlocksPerDiffPeriod) {\n uint excess_block_pct = 
(targetEthBlocksPerDiffPeriod.mul(100)).div(ethBlocksSinceLastDifficultyPeriod);\n uint excess_block_pct_extra = excess_block_pct.sub(100).limitLessThan(1000);\n // If there were 5% more blocks mined than expected then this is 5. If there were 100% more blocks mined than expected then this is 100.\n //make it harder\n miningTarget = miningTarget.sub(miningTarget.div(2000).mul(excess_block_pct_extra)); //by up to 50 %\n } else {\n uint shortage_block_pct = (ethBlocksSinceLastDifficultyPeriod.mul(100)).div(targetEthBlocksPerDiffPeriod);\n uint shortage_block_pct_extra = shortage_block_pct.sub(100).limitLessThan(1000); //always between 0 and 1000\n //make it easier\n miningTarget = miningTarget.add(miningTarget.div(2000).mul(shortage_block_pct_extra)); //by up to 50 %\n }\n latestDifficultyPeriodStarted = block.number;\n if (miningTarget < _MINIMUM_TARGET) //very difficult\n {\n miningTarget = _MINIMUM_TARGET;\n }\n if (miningTarget > _MAXIMUM_TARGET) //very easy\n {\n miningTarget = _MAXIMUM_TARGET;\n }\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n //this is a recent ethereum block hash, used to prevent pre-mining future blocks\n function getChallengeNumber() public view returns(bytes32) {\n return challengeNumber;\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n //the number of zeroes the digest of the PoW solution requires. 
Auto adjusts\n function getMiningDifficulty() public view returns(uint) {\n return _MAXIMUM_TARGET.div(miningTarget);\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function getMiningTarget() public view returns(uint) {\n return miningTarget;\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n //21m coins total\n //reward begins at 50 and is cut in half every reward era (as tokens are mined)\n function getMiningReward() public view returns(uint) {\n //once we get half way thru the coins, only get 25 per block\n //every reward era, the reward amount halves.\n return (50 * 10 ** uint(decimals)).div(2 ** rewardEra);\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n //help debug mining software\n function getMintDigest(uint256 nonce, bytes32 challenge_number) public view returns(bytes32 digesttest) {\n bytes32 digest = keccak256(abi.encodePacked(challenge_number, msg.sender, nonce));\n return digest;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n //help debug mining software\n function checkMintSolution(uint256 nonce, bytes32 challenge_digest, bytes32 challenge_number, uint testTarget) public view returns(bool success) {\n bytes32 digest = keccak256(abi.encodePacked(challenge_number, msg.sender, nonce));\n if (uint256(digest) > 
testTarget) revert();\n return (digest == challenge_digest);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n // ------------------------------------------------------------------------\n // Total supply\n // ------------------------------------------------------------------------\n\n function totalSupply() public view returns(uint) {\n return _totalSupply - balances[address(0)];\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // ------------------------------------------------------------------------\n // Get the token balance for account `tokenOwner`\n // ------------------------------------------------------------------------\n\n function balanceOf(address tokenOwner) public view returns(uint balance) {\n return balances[tokenOwner];\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n // ------------------------------------------------------------------------\n // Transfer the balance from token owner's account to `to` account\n // - Owner's account must have sufficient balance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n\n function transfer(address to, uint tokens) public returns(bool success) {\n\n uint toBurn = tokens.mul(burnPercent).div(1000);\n uint toSend = tokens.sub(toBurn);\n\n balances[msg.sender] = balances[msg.sender].sub(tokens);\n\n balances[to] = 
balances[to].add(toSend);\n emit Transfer(msg.sender, to, toSend);\n\n balances[address(0)] = balances[address(0)].add(toBurn);\n emit Transfer(msg.sender, address(0), toBurn);\n\n return true;\n\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account\n //\n // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20-token-standard.md\n // recommends that there are no checks for the approval double-spend attack\n // as this should be implemented in user interfaces\n // ------------------------------------------------------------------------\n\n function approve(address spender, uint tokens) public returns(bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n return true;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n // ------------------------------------------------------------------------\n // Transfer `tokens` from the `from` account to the `to` account\n //\n // The calling account must already have sufficient tokens approve(...)-d\n // for spending from the `from` account and\n // - From account must have sufficient balance to transfer\n // - Spender must have sufficient allowance to transfer\n // - 0 value transfers are allowed\n // ------------------------------------------------------------------------\n\n function transferFrom(address from, address to, 
uint tokens) public returns(bool success) {\n uint toBurn = tokens.mul(burnPercent).div(1000);\n uint toSend = tokens.sub(toBurn);\n balances[from] = balances[from].sub(tokens);\n allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);\n balances[to] = balances[to].add(toSend);\n emit Transfer(from, to, toSend);\n balances[address(0)] = balances[address(0)].add(toBurn);\n emit Transfer(from, address(0), toBurn);\n return true;\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n // ------------------------------------------------------------------------\n // Returns the amount of tokens approved by the owner that can be\n // transferred to the spender's account\n // ------------------------------------------------------------------------\n\n function allowance(address tokenOwner, address spender) public view returns(uint remaining) {\n return allowed[tokenOwner][spender];\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n // ------------------------------------------------------------------------\n // Token owner can approve for `spender` to transferFrom(...) `tokens`\n // from the token owner's account. 
The `spender` contract function\n // `receiveApproval(...)` is then executed\n // ------------------------------------------------------------------------\n\n function approveAndCall(address spender, uint tokens, bytes memory data) public returns(bool success) {\n allowed[msg.sender][spender] = tokens;\n emit Approval(msg.sender, spender, tokens);\n ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, address(this), data);\n return true;\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n // ------------------------------------------------------------------------\n // Don't accept ETH\n // ------------------------------------------------------------------------\n\n function () external payable {\n revert();\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n\n // ------------------------------------------------------------------------\n // Owner can transfer out any accidentally sent ERC20 tokens\n // ------------------------------------------------------------------------\n\n function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns(bool success) {\n return ERC20Interface(tokenAddress).transfer(owner, tokens);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n}\n"
+ },
+ {
+ "contract": "buggy_30.sol",
+ "label": "time_manipulation",
+ "code": "/**\n *Submitted for verification at Etherscan.io on 2019-09-22\n*/\n\npragma solidity ^0.5.11;\n\n\ninterface IERC777 {\n \n function name() external view returns (string memory);\n\n \n function symbol() external view returns (string memory);\n\n \n function granularity() external view returns (uint256);\n\n \n function totalSupply() 
external view returns (uint256);\n\n \n function balanceOf(address owner) external view returns (uint256);\n\n \n function send(address recipient, uint256 amount, bytes calldata data) external;\n\n \n function burn(uint256 amount, bytes calldata data) external;\n\n \n function isOperatorFor(address operator, address tokenHolder) external view returns (bool);\n\n \n function authorizeOperator(address operator) external;\n\n \n function revokeOperator(address operator) external;\n\n \n function defaultOperators() external view returns (address[] memory);\n\n \n function operatorSend(\n address sender,\n address recipient,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n ) external;\n\n \n function operatorBurn(\n address account,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n ) external;\n\n event Sent(\n address indexed operator,\n address indexed from,\n address indexed to,\n uint256 amount,\n bytes data,\n bytes operatorData\n );\n\n event Minted(address indexed operator, address indexed to, uint256 amount, bytes data, bytes operatorData);\n\n event Burned(address indexed operator, address indexed from, uint256 amount, bytes data, bytes operatorData);\n\n event AuthorizedOperator(address indexed operator, address indexed tokenHolder);\n\n event RevokedOperator(address indexed operator, address indexed tokenHolder);\n}\n\ninterface IERC777Recipient {\n \n function tokensReceived(\n address operator,\n address from,\n address to,\n uint amount,\n bytes calldata userData,\n bytes calldata operatorData\n ) external;\n}\n\ninterface IERC777Sender {\n \n function tokensToSend(\n address operator,\n address from,\n address to,\n uint amount,\n bytes calldata userData,\n bytes calldata operatorData\n ) external;\n}\n\ninterface IERC20 {\n \n function totalSupply() external view returns (uint256);\n\n \n function balanceOf(address account) external view returns (uint256);\n\n \n function transfer(address recipient, uint256 
amount) external returns (bool);\n\n \n function allowance(address owner, address spender) external view returns (uint256);\n\n \n function approve(address spender, uint256 amount) external returns (bool);\n\n \n function transferFrom(address sender, address recipient, uint256 amount) external returns (bool);\n\n \n event Transfer(address indexed from, address indexed to, uint256 value);\n\n \n event Approval(address indexed owner, address indexed spender, uint256 value);\n}\n\nlibrary SafeMath {\n \n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a, \"SafeMath: addition overflow\");\n\n return c;\n }\n\n \n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a, \"SafeMath: subtraction overflow\");\n uint256 c = a - b;\n\n return c;\n }\n\n \n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n \n \n \n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b, \"SafeMath: multiplication overflow\");\n\n return c;\n }\n\n \n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n \n require(b > 0, \"SafeMath: division by zero\");\n uint256 c = a / b;\n \n\n return c;\n }\n\n \n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0, \"SafeMath: modulo by zero\");\n return a % b;\n }\n}\n\nlibrary Address {\n \n function isContract(address account) internal view returns (bool) {\n \n \n \n\n uint256 size;\n \n assembly { size := extcodesize(account) }\n return size > 0;\n }\n}\n\ninterface IERC1820Registry {\n \n function setManager(address account, address newManager) external;\n\n \n function getManager(address account) external view returns (address);\n\n \n function setInterfaceImplementer(address account, bytes32 interfaceHash, address implementer) external;\n\n \n function getInterfaceImplementer(address account, bytes32 interfaceHash) external view returns (address);\n\n \n function 
interfaceHash(string calldata interfaceName) external pure returns (bytes32);\n\n \n function updateERC165Cache(address account, bytes4 interfaceId) external;\n\n \n function implementsERC165Interface(address account, bytes4 interfaceId) external view returns (bool);\n\n \n function implementsERC165InterfaceNoCache(address account, bytes4 interfaceId) external view returns (bool);\n\n event InterfaceImplementerSet(address indexed account, bytes32 indexed interfaceHash, address indexed implementer);\n\n event ManagerChanged(address indexed account, address indexed newManager);\n}\n\ncontract ERC777 is IERC777, IERC20 {\n using SafeMath for uint256;\n using Address for address;\n\n IERC1820Registry private _erc1820 = IERC1820Registry(0x1820a4B7618BdE71Dce8cdc73aAB6C95905faD24);\n\n mapping(address => uint256) private _balances;\n\n uint256 private _totalSupply;\n\n string private _name;\n string private _symbol;\n\n \n \n\n \n bytes32 constant private TOKENS_SENDER_INTERFACE_HASH =\n 0x29ddb589b1fb5fc7cf394961c1adf5f8c6454761adf795e67fe149f658abe895;\n\n \n bytes32 constant private TOKENS_RECIPIENT_INTERFACE_HASH =\n 0xb281fc8c12954d22544db45de3159a39272895b169a852b314f9cc762e44c53b;\n\n \n address[] private _defaultOperatorsArray;\n\n \n mapping(address => bool) private _defaultOperators;\n\n \n mapping(address => mapping(address => bool)) private _operators;\n mapping(address => mapping(address => bool)) private _revokedDefaultOperators;\n\n \n mapping (address => mapping (address => uint256)) private _allowances;\n\n \n constructor(\n string memory name,\n string memory symbol,\n address[] memory defaultOperators\n ) public {\n _name = name;\n _symbol = symbol;\n\n _defaultOperatorsArray = defaultOperators;\n for (uint256 i = 0; i < _defaultOperatorsArray.length; i++) {\n _defaultOperators[_defaultOperatorsArray[i]] = true;\n }\n\n \n _erc1820.setInterfaceImplementer(address(this), keccak256(\"ERC777Token\"), address(this));\n 
_erc1820.setInterfaceImplementer(address(this), keccak256(\"ERC20Token\"), address(this));\n }\n\n \n function name() public view returns (string memory) {\n return _name;\n }\n\n \n function symbol() public view returns (string memory) {\n return _symbol;\n }\n\n \n function decimals() public pure returns (uint8) {\n return 18;\n }\n\n \n function granularity() public view returns (uint256) {\n return 1;\n }\n\n \n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress winner_tmstmp18;\nfunction play_tmstmp18(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp18 = msg.sender;}}\n\n \n function balanceOf(address tokenHolder) public view returns (uint256) {\n return _balances[tokenHolder];\n }\nfunction bug_tmstmp29() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n \n function send(address recipient, uint256 amount, bytes calldata data) external {\n _send(msg.sender, msg.sender, recipient, amount, data, \"\", true);\n }\naddress winner_tmstmp6;\nfunction play_tmstmp6(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp6 = msg.sender;}}\n\n \n function transfer(address recipient, uint256 amount) external returns (bool) {\n require(recipient != address(0), \"ERC777: transfer to the zero address\");\n\n address from = msg.sender;\n\n _callTokensToSend(from, from, recipient, amount, \"\", \"\");\n\n _move(from, from, recipient, amount, \"\", \"\");\n\n _callTokensReceived(from, from, recipient, amount, \"\", \"\", false);\n\n return true;\n }\nfunction bug_tmstmp16 () public payable {\n\tuint pastBlockTime_tmstmp16; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp16); // only 1 transaction per block //bug\n pastBlockTime_tmstmp16 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n 
\n function burn(uint256 amount, bytes calldata data) external {\n _burn(msg.sender, msg.sender, amount, data, \"\");\n }\nfunction bug_tmstmp24 () public payable {\n\tuint pastBlockTime_tmstmp24; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp24); // only 1 transaction per block //bug\n pastBlockTime_tmstmp24 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n \n function isOperatorFor(\n address operator,\n address tokenHolder\n ) public view returns (bool) {\n return operator == tokenHolder ||\n (_defaultOperators[operator] && !_revokedDefaultOperators[tokenHolder][operator]) ||\n _operators[tokenHolder][operator];\n }\nfunction bug_tmstmp5() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n \n function authorizeOperator(address operator) external {\n require(msg.sender != operator, \"ERC777: authorizing self as operator\");\n\n if (_defaultOperators[operator]) {\n delete _revokedDefaultOperators[msg.sender][operator];\n } else {\n _operators[msg.sender][operator] = true;\n }\n\n emit AuthorizedOperator(operator, msg.sender);\n }\naddress winner_tmstmp15;\nfunction play_tmstmp15(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp15 = msg.sender;}}\n\n \n function revokeOperator(address operator) external {\n require(operator != msg.sender, \"ERC777: revoking self as operator\");\n\n if (_defaultOperators[operator]) {\n _revokedDefaultOperators[msg.sender][operator] = true;\n } else {\n delete _operators[msg.sender][operator];\n }\n\n emit RevokedOperator(operator, msg.sender);\n }\nfunction bug_tmstmp28 () public payable {\n\tuint pastBlockTime_tmstmp28; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp28); // only 1 transaction per block //bug\n 
pastBlockTime_tmstmp28 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n \n function defaultOperators() public view returns (address[] memory) {\n return _defaultOperatorsArray;\n }\naddress winner_tmstmp34;\nfunction play_tmstmp34(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp34 = msg.sender;}}\n\n \n function operatorSend(\n address sender,\n address recipient,\n uint256 amount,\n bytes calldata data,\n bytes calldata operatorData\n )\n external\n {\n require(isOperatorFor(msg.sender, sender), \"ERC777: caller is not an operator for holder\");\n _send(msg.sender, sender, recipient, amount, data, operatorData, true);\n }\nfunction bug_tmstmp21() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n \n function operatorBurn(address account, uint256 amount, bytes calldata data, bytes calldata operatorData) external {\n require(isOperatorFor(msg.sender, account), \"ERC777: caller is not an operator for holder\");\n _burn(msg.sender, account, amount, data, operatorData);\n }\naddress winner_tmstmp10;\nfunction play_tmstmp10(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp10 = msg.sender;}}\n\n \n function allowance(address holder, address spender) public view returns (uint256) {\n return _allowances[holder][spender];\n }\naddress winner_tmstmp22;\nfunction play_tmstmp22(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp22 = msg.sender;}}\n\n \n function approve(address spender, uint256 value) external returns (bool) {\n address holder = msg.sender;\n _approve(holder, spender, value);\n return true;\n }\nfunction bug_tmstmp12 () public payable {\n\tuint pastBlockTime_tmstmp12; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp12); // only 1 transaction per block 
//bug\n pastBlockTime_tmstmp12 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n \n function transferFrom(address holder, address recipient, uint256 amount) external returns (bool) {\n require(recipient != address(0), \"ERC777: transfer to the zero address\");\n require(holder != address(0), \"ERC777: transfer from the zero address\");\n\n address spender = msg.sender;\n\n _callTokensToSend(spender, holder, recipient, amount, \"\", \"\");\n\n _move(spender, holder, recipient, amount, \"\", \"\");\n _approve(holder, spender, _allowances[holder][spender].sub(amount));\n\n _callTokensReceived(spender, holder, recipient, amount, \"\", \"\", false);\n\n return true;\n }\naddress winner_tmstmp11;\nfunction play_tmstmp11(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp11 = msg.sender;}}\n\n \n function _mint(\n address operator,\n address account,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n internal\n {\n require(account != address(0), \"ERC777: mint to the zero address\");\n\n \n _totalSupply = _totalSupply.add(amount);\n _balances[account] = _balances[account].add(amount);\n\n _callTokensReceived(operator, address(0), account, amount, userData, operatorData, true);\n\n emit Minted(operator, account, amount, userData, operatorData);\n emit Transfer(address(0), account, amount);\n }\nfunction bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n \n function _send(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData,\n bool requireReceptionAck\n )\n private\n {\n require(from != address(0), \"ERC777: send from the zero address\");\n require(to != address(0), \"ERC777: send to the zero address\");\n\n _callTokensToSend(operator, from, to, amount, userData, operatorData);\n\n _move(operator, from, to, amount, 
userData, operatorData);\n\n _callTokensReceived(operator, from, to, amount, userData, operatorData, requireReceptionAck);\n }\naddress winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n\n \n function _burn(\n address operator,\n address from,\n uint256 amount,\n bytes memory data,\n bytes memory operatorData\n )\n private\n {\n require(from != address(0), \"ERC777: burn from the zero address\");\n\n _callTokensToSend(operator, from, address(0), amount, data, operatorData);\n\n \n _totalSupply = _totalSupply.sub(amount);\n _balances[from] = _balances[from].sub(amount);\n\n emit Burned(operator, from, amount, data, operatorData);\n emit Transfer(from, address(0), amount);\n }\nfunction bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function _move(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n private\n {\n _balances[from] = _balances[from].sub(amount);\n _balances[to] = _balances[to].add(amount);\n\n emit Sent(operator, from, to, amount, userData, operatorData);\n emit Transfer(from, to, amount);\n }\nfunction bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function _approve(address holder, address spender, uint256 value) private {\n \n \n \n require(spender != address(0), \"ERC777: approve to the zero address\");\n\n _allowances[holder][spender] = value;\n emit Approval(holder, spender, value);\n }\naddress winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n\n \n function _callTokensToSend(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData\n )\n private\n {\n address implementer = 
_erc1820.getInterfaceImplementer(from, TOKENS_SENDER_INTERFACE_HASH);\n if (implementer != address(0)) {\n IERC777Sender(implementer).tokensToSend(operator, from, to, amount, userData, operatorData);\n }\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n \n function _callTokensReceived(\n address operator,\n address from,\n address to,\n uint256 amount,\n bytes memory userData,\n bytes memory operatorData,\n bool requireReceptionAck\n )\n private\n {\n address implementer = _erc1820.getInterfaceImplementer(to, TOKENS_RECIPIENT_INTERFACE_HASH);\n if (implementer != address(0)) {\n IERC777Recipient(implementer).tokensReceived(operator, from, to, amount, userData, operatorData);\n } else if (requireReceptionAck) {\n require(!to.isContract(), \"ERC777: token recipient contract has no implementer for ERC777TokensRecipient\");\n }\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\nlibrary Roles {\n struct Role {\n mapping (address => bool) bearer;\n }\n\n \n function add(Role storage role, address account) internal {\n require(!has(role, account), \"Roles: account already has role\");\n role.bearer[account] = true;\n }\n\n \n function remove(Role storage role, address account) internal {\n require(has(role, account), \"Roles: account does not have role\");\n role.bearer[account] = false;\n }\n\n \n function has(Role storage role, address account) internal view returns (bool) {\n require(account != address(0), \"Roles: account is the zero address\");\n return role.bearer[account];\n }\n}\n\ncontract MinterRole {\n using Roles for Roles.Role;\n\n function bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event MinterAdded(address indexed account);\n uint256 bugv_tmstmp5 = block.timestamp;\n event MinterRemoved(address indexed account);\n\n Roles.Role private _minters;\n\n constructor () internal {\n _addMinter(msg.sender);\n 
}\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n modifier onlyMinter() {\n require(isMinter(msg.sender), \"MinterRole: caller does not have the Minter role\");\n _;\n }\n\n function isMinter(address account) public view returns (bool) {\n return _minters.has(account);\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function addMinter(address account) public onlyMinter {\n _addMinter(account);\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function renounceMinter() public {\n _removeMinter(msg.sender);\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function _addMinter(address account) internal {\n _minters.add(account);\n emit MinterAdded(account);\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n function _removeMinter(address account) internal {\n _minters.remove(account);\n emit MinterRemoved(account);\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per 
block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n}\n\ncontract PauserRole {\n using Roles for Roles.Role;\n\n uint256 bugv_tmstmp1 = block.timestamp;\n event PauserAdded(address indexed account);\n uint256 bugv_tmstmp2 = block.timestamp;\n event PauserRemoved(address indexed account);\n\n Roles.Role private _pausers;\n\n constructor () internal {\n _addPauser(msg.sender);\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n modifier onlyPauser() {\n require(isPauser(msg.sender), \"PauserRole: caller does not have the Pauser role\");\n _;\n }\n\n function isPauser(address account) public view returns (bool) {\n return _pausers.has(account);\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function addPauser(address account) public onlyPauser {\n _addPauser(account);\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function renouncePauser() public {\n _removePauser(msg.sender);\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function _addPauser(address account) internal {\n _pausers.add(account);\n emit PauserAdded(account);\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != 
pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function _removePauser(address account) internal {\n _pausers.remove(account);\n emit PauserRemoved(account);\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\ncontract Pausable is PauserRole {\n \n uint256 bugv_tmstmp3 = block.timestamp;\n event Paused(address account);\n\n \n uint256 bugv_tmstmp4 = block.timestamp;\n event Unpaused(address account);\n\n bool private _paused;\n\n \n constructor () internal {\n _paused = false;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n \n function paused() public view returns (bool) {\n return _paused;\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n \n modifier whenNotPaused() {\n require(!_paused, \"Pausable: paused\");\n _;\n }\n\n \n modifier whenPaused() {\n require(_paused, \"Pausable: not paused\");\n _;\n }\n\n \n function pause() public onlyPauser whenNotPaused {\n _paused = true;\n emit Paused(msg.sender);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now 
% 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n \n function unpause() public onlyPauser whenPaused {\n _paused = false;\n emit Unpaused(msg.sender);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\ncontract SKYBITToken is ERC777, MinterRole, Pausable {\n constructor(\n uint256 initialSupply,\n address[] memory defaultOperators\n )\n\n ERC777(\"SKYBIT\", \"SKYBIT\", defaultOperators)\n public {\n _mint(msg.sender, msg.sender, initialSupply, \"\", \"\");\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function mint(address operator, address account, uint256 amount, bytes memory userData, bytes memory operatorData) public onlyMinter returns (bool) {\n _mint(operator, account, amount, userData, operatorData);\n return true;\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n}\n"
+ },
+ {
+ "contract": "buggy_7.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Tuesday, May 7, 2019\n (UTC) */\n\npragma solidity ^0.5.8;\n\ncontract Ownable\n{\n function bug_tmstmp1() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n bool private stopped;\n address winner_tmstmp2;\nfunction play_tmstmp2(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp2 = msg.sender;}}\n address private _owner;\n function bug_tmstmp17() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n address private _master;\n\n address winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == 
_vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n event Stopped();\n function bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n event Started();\n uint256 bugv_tmstmp5 = block.timestamp;\n event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);\n uint256 bugv_tmstmp1 = block.timestamp;\n event MasterRoleTransferred(address indexed previousMaster, address indexed newMaster);\n\n constructor () internal\n {\n stopped = false;\n _owner = msg.sender;\n _master = msg.sender;\n emit OwnershipTransferred(address(0), _owner);\n emit MasterRoleTransferred(address(0), _master);\n }\nfunction bug_tmstmp9() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function owner() public view returns (address)\n {\n return _owner;\n }\nfunction bug_tmstmp25() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function master() public view returns (address)\n {\n return _master;\n }\naddress winner_tmstmp19;\nfunction play_tmstmp19(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp19 = msg.sender;}}\n\n modifier onlyOwner()\n {\n require(isOwner());\n _;\n }\n\n modifier onlyMaster()\n {\n require(isMaster() || isOwner());\n _;\n }\n\n modifier onlyWhenNotStopped()\n {\n require(!isStopped());\n _;\n }\n\n function isOwner() public view returns (bool)\n {\n return msg.sender == _owner;\n }\naddress winner_tmstmp26;\nfunction play_tmstmp26(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp26 = msg.sender;}}\n\n function isMaster() public view returns (bool)\n {\n return msg.sender == _master;\n }\nfunction bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n 
pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function transferOwnership(address newOwner) external onlyOwner\n {\n _transferOwnership(newOwner);\n }\nfunction bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function transferMasterRole(address newMaster) external onlyOwner\n {\n _transferMasterRole(newMaster);\n }\naddress winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n\n function isStopped() public view returns (bool)\n {\n return stopped;\n }\nfunction bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function stop() public onlyOwner\n {\n _stop();\n }\naddress winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n\n function start() public onlyOwner\n {\n _start();\n }\naddress winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n\n function _transferOwnership(address newOwner) internal\n {\n require(newOwner != address(0));\n emit OwnershipTransferred(_owner, newOwner);\n _owner = 
newOwner;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function _transferMasterRole(address newMaster) internal\n {\n require(newMaster != address(0));\n emit MasterRoleTransferred(_master, newMaster);\n _master = newMaster;\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function _stop() internal\n {\n emit Stopped();\n stopped = true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function _start() internal\n {\n emit Started();\n stopped = false;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n}\n\ncontract AccountWallet is Ownable\n{\n function bug_tmstmp37() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n mapping(string => string) private btc;\n address winner_tmstmp3;\nfunction play_tmstmp3(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp3 = msg.sender;}}\n mapping(string => address) private eth;\n\n uint256 bugv_tmstmp2 = block.timestamp;\n event SetAddress(string account, string btcAddress, address ethAddress);\n uint256 bugv_tmstmp3 = block.timestamp;\n event UpdateAddress(string from, string to);\n uint256 bugv_tmstmp4 = block.timestamp;\n event DeleteAddress(string account);\n\n function version() external pure returns(string memory)\n 
{\n return '1.0.0';\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function getAddress(string calldata account) external view returns (string memory, address)\n {\n return (btc[account], eth[account]);\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n\n function setAddress(string calldata account, string calldata btcAddress, address ethAddress) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(account).length > 0);\n\n btc[account] = btcAddress;\n eth[account] = ethAddress;\n\n emit SetAddress(account, btcAddress, ethAddress);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function updateAccount(string calldata from, string calldata to) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(from).length > 0);\n require(bytes(to).length > 0);\n\n btc[to] = btc[from];\n eth[to] = eth[from];\n\n btc[from] = '';\n eth[from] = address(0);\n\n emit UpdateAddress(from, to);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n\n function deleteAccount(string calldata account) external onlyMaster onlyWhenNotStopped\n {\n require(bytes(account).length > 0);\n\n btc[account] = '';\n eth[account] = 
address(0);\n\n emit DeleteAddress(account);\n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n}"
+ },
+ {
+ "contract": "buggy_14.sol",
+ "label": "time_manipulation",
+ "code": "/**\n * Source Code first verified at https://etherscan.io on Friday, April 26, 2019\n (UTC) */\n\npragma solidity ^0.5.1;\n\nlibrary SafeMath {\n\n function mul(uint256 a, uint256 b) internal pure returns (uint256) {\n\n if (a == 0) {\n return 0;\n }\n\n uint256 c = a * b;\n require(c / a == b);\n\n return c;\n }\n\n function div(uint256 a, uint256 b) internal pure returns (uint256) {\n \n require(b > 0);\n uint256 c = a / b;\n \n return c;\n }\n\n function sub(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b <= a);\n uint256 c = a - b;\n\n return c;\n }\n\n function add(uint256 a, uint256 b) internal pure returns (uint256) {\n uint256 c = a + b;\n require(c >= a);\n\n return c;\n }\n\n function mod(uint256 a, uint256 b) internal pure returns (uint256) {\n require(b != 0);\n return a % b;\n }\n}\n\ninterface IERC20 {\n function totalSupply() external view returns (uint256);\n \n function balanceOf(address who) external view returns (uint256);\n \n function transfer(address to, uint256 value) external returns (bool);\n\n function transferFrom(address from, address to, uint256 value) external returns (bool);\n\n function approve(address spender, uint256 value) external returns (bool);\n\n function allowance(address owner, address spender) external view returns (uint256);\n\n\n event Transfer(address indexed from, address indexed to, uint256 value);\n event Approval(address indexed owner, address indexed spender, uint256 value);\n event Burn(address indexed from, uint256 value);\n}\n\n\ncontract ERC20 is IERC20 {\n \n using SafeMath for uint256;\n function bug_tmstmp20 () public payable {\n\tuint pastBlockTime_tmstmp20; // Forces 
one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp20); // only 1 transaction per block //bug\n pastBlockTime_tmstmp20 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint8 constant DECIMALS = 18;\n function bug_tmstmp32 () public payable {\n\tuint pastBlockTime_tmstmp32; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp32); // only 1 transaction per block //bug\n pastBlockTime_tmstmp32 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n uint256 private _totalSupply;\n string private _name;\n string private _symbol;\n \n address winner_tmstmp38;\nfunction play_tmstmp38(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp38 = msg.sender;}}\n mapping (address => uint256) private _balances;\n function bug_tmstmp4 () public payable {\n\tuint pastBlockTime_tmstmp4; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp4); // only 1 transaction per block //bug\n pastBlockTime_tmstmp4 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n mapping (address => mapping (address => uint256)) private _allowed;\n\n\n function totalSupply() public view returns (uint256) {\n return _totalSupply;\n }\naddress winner_tmstmp14;\nfunction play_tmstmp14(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp14 = msg.sender;}}\n\n function balanceOf(address owner) public view returns (uint256) {\n return _balances[owner];\n }\naddress winner_tmstmp30;\nfunction play_tmstmp30(uint startTime) public {\n\tif (startTime + (5 * 1 days) == block.timestamp){\n\t\twinner_tmstmp30 = msg.sender;}}\n\n function transfer(address 
to, uint256 value) public returns (bool) {\n _transfer(msg.sender, to, value);\n return true;\n }\nfunction bug_tmstmp8 () public payable {\n\tuint pastBlockTime_tmstmp8; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp8); // only 1 transaction per block //bug\n pastBlockTime_tmstmp8 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n\n function transferFrom(address from, address to, uint256 value) public returns (bool) {\n _transfer(from, to, value);\n _approve(from, msg.sender, _allowed[from][msg.sender].sub(value));\n return true;\n }\naddress winner_tmstmp39;\nfunction play_tmstmp39(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp39 = msg.sender;}}\n\n function approve(address spender, uint256 value) public returns (bool) {\n _approve(msg.sender, spender, value);\n return true;\n }\nfunction bug_tmstmp36 () public payable {\n\tuint pastBlockTime_tmstmp36; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp36); // only 1 transaction per block //bug\n pastBlockTime_tmstmp36 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function allowance(address owner, address spender) public view returns (uint256) {\n return _allowed[owner][spender];\n }\naddress winner_tmstmp35;\nfunction play_tmstmp35(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp35 = msg.sender;}}\n \n function burn(uint256 value) public {\n _burn(msg.sender, value);\n }\nfunction bug_tmstmp40 () public payable {\n\tuint pastBlockTime_tmstmp40; // Forces one bet per block\n\trequire(msg.value == 10 ether); // must send 10 ether to play\n require(now != pastBlockTime_tmstmp40); // only 1 
transaction per block //bug\n pastBlockTime_tmstmp40 = now; //bug\n if(now % 15 == 0) { // winner //bug\n msg.sender.transfer(address(this).balance);\n }\n }\n \n function _mint(address account, uint256 value) internal {\n require(account != address(0));\n _totalSupply = _totalSupply.add(value);\n _balances[account] = _balances[account].add(value);\n emit Transfer(address(0), account, value);\n }\nfunction bug_tmstmp33() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n \n function _transfer(address from, address to, uint256 value) internal {\n require(to != address(0));\n\n _balances[from] = _balances[from].sub(value);\n _balances[to] = _balances[to].add(value);\n emit Transfer(from, to, value);\n \n }\naddress winner_tmstmp27;\nfunction play_tmstmp27(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp27 = msg.sender;}}\n\n function _approve(address owner, address spender, uint256 value) internal {\n require(spender != address(0));\n require(owner != address(0));\n\n _allowed[owner][spender] = value;\n emit Approval(owner, spender, value);\n }\naddress winner_tmstmp31;\nfunction play_tmstmp31(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp31 = msg.sender;}}\n \n function _burn(address account, uint256 value) internal {\n require(account != address(0));\n \n _totalSupply = _totalSupply.sub(value);\n _balances[account] = _balances[account].sub(value);\n emit Transfer(account, address(0), value);\n }\nfunction bug_tmstmp13() view public returns (bool) {\n return block.timestamp >= 1546300800;\n }\n}\n\ncontract ERC20Detailed is IERC20 {\n string private _name;\n string private _symbol;\n address winner_tmstmp7;\nfunction play_tmstmp7(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp7 = msg.sender;}}\n uint8 private _decimals;\n\n 
constructor (string memory name, string memory symbol, uint8 decimals) public {\n _name = name;\n _symbol = symbol;\n _decimals = decimals;\n }\nuint256 bugv_tmstmp5 = block.timestamp;\n\n /**\n * @return the name of the token.\n */\n function name() public view returns (string memory) {\n return _name;\n }\nuint256 bugv_tmstmp1 = block.timestamp;\n\n /**\n * @return the symbol of the token.\n */\n function symbol() public view returns (string memory) {\n return _symbol;\n }\nuint256 bugv_tmstmp2 = block.timestamp;\n\n /**\n * @return the number of decimals of the token.\n */\n function decimals() public view returns (uint8) {\n return _decimals;\n }\nuint256 bugv_tmstmp3 = block.timestamp;\n}\n\ncontract SaveWon is ERC20, ERC20Detailed {\n address winner_tmstmp23;\nfunction play_tmstmp23(uint startTime) public {\n\tuint _vtime = block.timestamp;\n\tif (startTime + (5 * 1 days) == _vtime){\n\t\twinner_tmstmp23 = msg.sender;}}\n uint8 public constant DECIMALS = 18;\n uint256 public constant INITIAL_SUPPLY = 50000000000 * (10 ** uint256(DECIMALS));\n\n /**\n * @dev Constructor that gives msg.sender all of existing tokens.\n */\n constructor () public ERC20Detailed(\"SaveWon\", \"SVW\", DECIMALS) {\n _mint(msg.sender, INITIAL_SUPPLY);\n }\nuint256 bugv_tmstmp4 = block.timestamp;\n}"
+ }
+]
\ No newline at end of file