Announcing the winners of the first Underhanded Solidity Coding Contest

Honorable Mention: Doug Hoyte

Doug’s entry implements a fairly standard token funding contract, with a bug that lets the owner manipulate the contract’s storage in unexpected ways.

Third Place: João Carvalho

João’s entry implements a Dutch auction crowdsale as a price discovery mechanism for selling tokens. Give the contract a look over if you’d like to figure out the flaws yourself.

SPOILERS

Although the fallback function captures funds sent to the contract the regular way, the fallback isn’t the only way to send funds to a contract. A selfdestruct by another contract can name the auction contract as the recipient of its remaining balance, which sends the funds without executing any of the recipient’s code. This can cause the Dutch auction to end early, artificially inflating the token price.
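To make the flaw class concrete, here is an added sketch (not João’s entry and not code from the contest) of a closing check that trusts the contract balance next to one that counts only recorded bids. It uses current Solidity syntax, where `receive()` plays the role of the payable fallback; the contract names, the cap and the price curve are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical sketch, not João's entry: names, cap and price curve are assumptions.
abstract contract DutchAuctionBase {
    uint256 public constant CAP = 1000 ether;          // assumed funding target
    uint256 public constant START_PRICE = 1 ether;     // assumed opening price per token
    uint256 public constant DROP_PER_SECOND = 1 gwei;  // assumed linear decline
    uint256 public immutable startTime;
    uint256 public finalPrice;                         // nonzero once the auction has closed
    mapping(address => uint256) public bids;
    constructor() { startTime = block.timestamp; }

    // The price falls over time, so closing sooner locks in a higher price.
    function currentPrice() public view returns (uint256) {
        uint256 drop = (block.timestamp - startTime) * DROP_PER_SECOND;
        return drop >= START_PRICE ? 1 : START_PRICE - drop;
    }

    function raised() public view virtual returns (uint256);
    function _record(uint256) internal virtual {}

    // Bids arrive as plain transfers and close the auction once the cap is met.
    receive() external payable {
        require(finalPrice == 0, "auction closed");
        bids[msg.sender] += msg.value;
        _record(msg.value);
        if (raised() >= CAP) finalPrice = currentPrice();
    }
}

// Weak: address(this).balance also counts ether that arrived without running
// receive(), for example as the beneficiary of another contract's selfdestruct,
// so the cap can be reached before the recorded bids add up to it.
contract BalanceBasedAuction is DutchAuctionBase {
    function raised() public view override returns (uint256) {
        return address(this).balance;
    }
}

// Hardened: only ether that passed through receive() counts towards the cap.
contract AccountedAuction is DutchAuctionBase {
    uint256 public totalBids;
    function _record(uint256 amount) internal override { totalBids += amount; }
    function raised() public view override returns (uint256) { return totalBids; }
    // Monitoring hook: a nonzero value means ether was forced into the contract.
    function unaccounted() external view returns (uint256) {
        return address(this).balance - totalBids;
    }
}
```

When auditing, treat any comparison against the contract’s own balance as attacker-influenced input and look for an internal counter instead.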

Yudi

Chris

Matthew

Second Place: Richard Moore

Richard’s entry implements a standard token contract with a small variation: the owner may only withdraw the raised funds gradually — 1 ether in the first week, 2 in the second, 4 in the third, and so forth. Stop here and give the contract a read yourself if you want to figure out where the deviousness lies.

Yudi

Chris

Matthew

First Place: Martin Swende

Martin’s entry implements a ‘round table’ for governance, and raises funds by allowing people to bid on seats around the table. A ‘small honorarium’ is paid out to the creator of the contract for each bid. I highly recommend reading his code and trying to figure out for yourself where the flaw is.

Yudi

Christian

Matthew

Wrapping Up

A huge thanks to everyone who submitted, and especially to our hardworking judges, who had to read and rate over 20 deliberately difficult-to-audit contracts. Look out for a new USCC, with a new theme, next year!
