Announcing the winners of the first Underhanded Solidity Coding Contest

Honorable Mention: Doug Hoyte

Third Place: João Carvalho

External update to the balance to manipulate price

+ Clean, hard to trace back to the team
- Fairly complex

The submission exploits an often overlooked edge case in the EVM and is thus a good submission per se, but there are much shorter submissions for the same edge case where the problem is equally well “hidden”.

very good — i like the selfdestruct transfer technique, though ways that it can be used is restricted and requires somewhat unusual functionality

Second Place: Richard Moore

External update to the balance to underflow max withdrawal amount

+ Short, clean, can be dismissed as a coder oversight
- Overflow/Underflow issue is relatively easy to notice

Nice exploit of something that is not directly visible in the program, but code could be shorter.

cute exploit, fixed by safemath but i like the trigger being funding it before the contract is deployed

First Place: Martin Swende

Exploiting dynamic array length

+ Short, clean, can be dismissed as a coder error, I like the theme :)
- Seems a bit overly complex (no need for a loop), doesn’t actually check msg.value against the bids

Bonus points for actually taking a look at compiled code.

Suspicious that seats.length == bids.length is checked, but not seats.length == NO_OF_SEATS_BID

Relies on the fact that the ABI decoder does not check for overflows, but still: The actual problem is that bids.length is assumed to equal NO_OF_SEATS_BID but this assumption is not checked anywhere, the overflow only helps in executing the exploit.

Impressive understanding of ABI and how solidity handles its own type structures, probably would not have caught the intention in an audit even though i may have caught the bug, also really like the fact that it allows the owner to act in a way where he may not even have to use the bug

Wrapping Up



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store