Welcome to the Blockchain for Developers DeCal's third assignment. You'll be getting acclimated with external calls, inheritance, and smart contract security.
Your task is to complete both BadAuction.sol and GoodAuction.sol such that they are each, respectively, vulnerable and protected from a push/pull reentrancy attack. Notice that both contracts inherit from AuctionInterface.sol.
Poisoned.sol and NotPoisoned.sol are both players in an adversarial system. Both can conduct external calls to the auctions in order to place bids. While NotPoisoned.sol will act as expected, Poisoned.sol will attempt to take advantage of BadAuction.sol's push-based paradigm. Do not make changes to these contracts
Implement both auctions in order to demonstrate your understanding of what makes smart contracts vulnerable and how to secure them.
All work should be done in contracts/BadAuction.sol and contracts/GoodAuction.sol
- In any situation, a bidder with a lower or the same bid than the current highest bidder should have no effect on the contract
- The contract should return
falsein this situation - The bidder should still be able to get their money back
- The contract should return
- A bidder with a higher bid should:
- Be able to displace the previous highest bidder if the previous highest bidder were not poisoned
- The contract should return
truein this situation
- The contract should return
- Be able to displace the previous highest bidder if bidding at a good auction
- The contract should return
falsein this situation
- The contract should return
- Not be able to displace the previous highest bidder if bidding on a bad auction and the previous highest bidder was poisoned
- The bidder should still be able to get their money back
- Be able to displace the previous highest bidder if the previous highest bidder were not poisoned
- A previous highest bidder should only get back an amount equivalent to what their bet (the previous highest bet) was; no more, no less
- All fifteen tests should pass
- Each auction file should follow the requirements set by the skeleton code (as well as the
AuctionInterface.sol) - Do not change any files except for
BadAuction.solandGoodAuction.sol
You can verify that your smart contract is implemented correctly with truffle test. Be sure to have a testrpc server running in a separate terminal.
Refresher: in an empty terminal, run testrpc to initialize a default testrpc server. If you get errors, read the testrpc documentation.
If you're having trouble passing the tests and would like to play around with the contracts manually:
- Run
truffle migrate - Run
truffle console, This will open up a Node JavaScript console that is connected to your testrpc server
Please fork this repo and push your code up to your fork. Please fill out this Google Form to let us know where you've got your answers: https://goo.gl/forms/TmXtCfx3TRPS2DbF2.
Please feel free to reach out to the staff via Piazza should you run into any trouble.