Contest entry (Smart Contract Cracking Competition) #55

Open
wants to merge 21 commits into
base: main
2ea0a60
Analyze storage scheme, return types, add comments
starlightduck Oct 22, 2022
431c772
Analyzed and created visual diagrams of structures
starlightduck Oct 22, 2022
54214b0
Fix a missing persistency (possibly doublespend)
starlightduck Oct 22, 2022
fbbcaff
Fix possible auction_config protocol violation
starlightduck Oct 22, 2022
47559a4
Small signature verification relax due to naming
starlightduck Oct 22, 2022
ad3f338
Fix signedness in nft_royalty_params to adhere tlb
starlightduck Oct 22, 2022
c89178c
More constants - less magic numbers, mark unused
starlightduck Oct 22, 2022
46e69c9
Some more thoughts on the inpersistency issue
starlightduck Oct 22, 2022
264bf8d
Analyze getters and fix discovered logic error
starlightduck Oct 22, 2022
9166799
Added execution flow analysis of collection
starlightduck Oct 23, 2022
f7d93c2
Partial execution and data flow analysis for item
starlightduck Oct 23, 2022
8c40a9f
FINALLY item execution and data flow is completed!
starlightduck Oct 24, 2022
8d3b0ac
Fix process bid not affecting my balance and typo
starlightduck Oct 24, 2022
1be5c30
Some code polishing using my newest func features
starlightduck Oct 25, 2022
4c40c71
Merge branch 'main' into contest
starlightduck Oct 25, 2022
db66425
Tidy up constant declarations for easier use
starlightduck Oct 25, 2022
64f2078
Account for (estimate) fwd fees in process new bid
starlightduck Oct 25, 2022
c8793f5
Optimize and polish inpersistency fix
starlightduck Oct 25, 2022
fb249ab
Make simple transfer op code 0 more expressive
starlightduck Oct 25, 2022
ae0b466
Analyze message header creation, it is correct
starlightduck Oct 25, 2022
e206744
Merge branch 'main' into contest
starlightduck Oct 25, 2022
Binary file added docs/execution-flow-collection.png
Binary file added docs/execution-flow-item.png
1 change: 1 addition & 0 deletions docs/execution-flow.drawio

Large diffs are not rendered by default.

Binary file added docs/storage-datas.png
Binary file added docs/storage-structs.png
1 change: 1 addition & 0 deletions docs/storage.drawio
@@ -0,0 +1 @@
<mxfile host="Electron" modified="2022-10-22T18:41:11.282Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/20.3.0 Chrome/104.0.5112.114 Electron/20.1.3 Safari/537.36" etag="_dZvZXpw-UWE0wYAOrt3" version="20.3.0" type="device" pages="2"><diagram id="Q3KNJlTxku5hrPKVKMSO" name="Data root">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</diagram><diagram id="UOIOju1Xv3v8hI32pL_I" name="Storage">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</diagram></mxfile>
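Review bot: the added `<mxfile>` line carries editor metadata in its attributes (`agent="5.0 (X11; Linux x86_64) ... draw.io/20.3.0 ..."`, `modified`, `etag`) that records the author's OS and tool versions and adds noise to every later diff of this file; strip or normalize these attributes before committing. Both diagram pages ("Data root" and "Storage") are also stored on this one line, so any later correction to the storage analysis will appear as a single-line replacement that cannot be reviewed. Saving the file as formatted, uncompressed XML would give line-level diffs and let reviewers check that the committed docs/storage-datas.png and docs/storage-structs.png still match this source.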