sjstheesar · August 5, 2021 07:37 · Feb 20, 2020
diff --git a/bZx.exploit b/bZx.exploit
@@ -0,0 +1,125 @@
+#
+#  Panoramix v4 Oct 2019 
+#  Decompiled source of 0x4f4e0f2cb72E718fC0433222768c57e823162152
+# 
+#  Let's make the world open source 
+# 
+#
+#  I failed with these: 
+#  - unknowna270ef06(?)
+#  All the rest is below.
+#
+
+def storage:
+  stor0 is uint256 at storage 0
+  stor0 is addr at storage 0
+
+def _fallback() payable: # default function
+  stop
+
+def unknown7f5b002e(uint256 _param1): # not payable
+  require calldata.size - 4 >=′ 32
+  require _param1 == addr(_param1)
+  return eth.balance(_param1)
+
+def unknown363a7ef7(): # not payable
+  if not addr(stor0):
+      uint256(stor0) = tx.origin or Mask(96, 160, uint256(stor0))
+  if addr(stor0) != tx.origin:
+      revert with 0, 'bad origin'
+
+def unknown746a5053(uint256 _param1, uint256 _param2) payable: 
+  require calldata.size - 4 >=′ 64
+  require _param1 == addr(_param1)
+  require _param2 == _param2
+  if not addr(stor0):
+      uint256(stor0) = tx.origin or Mask(96, 160, uint256(stor0))
+  if addr(stor0) != tx.origin:
+      revert with 0, 'bad origin'
+  create contract with 0 wei
+                  code: 0xfe608060405234801561001057600080fd5b5060da8061001f6000396000f3fe608060405260043610601c5760003560e01c8063f2adf1cb14601e575b005b348015602957600080fd5b50601c60353660046050565b806001600160a01b0316ff5b8035604a816083565b92915050565b600060208284031215606157600080fd5b6000606b84846041565b949350505050565b60006001600160a01b038216604a565b608a816073565b8114609457600080fd5b5056fea365627a7a7231582002418c334d1aed8da2f2f5f053319e0c542be659c16228e886da830043f4c02a6c6578706572696d656e74616cf564736f6c634300051000
+  if not create.new_address:
+      revert with ext_call.return_data[0 len return_data.size]
+  call addr(create.new_address) with:
+     value _param2 wei
+       gas 2300 * is_zero(value) wei
+  if not ext_call.success:
+      revert with ext_call.return_data[0 len return_data.size]
+  require ext_code.size(addr(create.new_address))
+  call addr(create.new_address).0xf2adf1cb with:
+       gas gas_remaining wei
+      args addr(_param1)
+  if not ext_call.success:
+      revert with ext_call.return_data[0 len return_data.size]
+  return 0, 64, 0
+
+def unknown41fc3baf(uint256 _param1, array _param2, uint256 _param3) payable: 
+  require calldata.size - 4 >=′ 96
+  require _param1 == addr(_param1)
+  require _param2 <= 18446744073709551615
+  require _param2 + 35 <′ calldata.size
+  require _param2.length <= 18446744073709551615
+  require ceil32(_param2.length) + 128 >= 96 and ceil32(_param2.length) + 128 <= 18446744073709551615
+  require _param2 + _param2.length + 36 <= calldata.size
+  mem[128 len _param2.length] = _param2[all]
+  mem[_param2.length + 128] = 0
+  require _param3 == _param3
+  if not addr(stor0):
+      uint256(stor0) = tx.origin or Mask(96, 160, uint256(stor0))
+  if addr(stor0) != tx.origin:
+      revert with 0, 'bad origin'
+  mem[ceil32(_param2.length) + 128 len ceil32(_param2.length)] = _param2[all], mem[_param2.length + 128 len ceil32(_param2.length) - _param2.length]
+  if ceil32(_param2.length) > _param2.length:
+      mem[ceil32(_param2.length) + _param2.length + 128] = 0
+  call addr(_param1) with:
+     funct Mask(32, -(8 * ceil32(_param2.length) + -_param2.length + 4) + 256, 0) >> -(8 * ceil32(_param2.length) + -_param2.length + 4) + 256
+     value _param3 wei
+       gas gas_remaining wei
+      args mem[ceil32(_param2.length) + 132 len _param2.length - 4]
+  if return_data.size:
+      return bool(ext_call.success), Array(len=return_data.size, data=ext_call.return_data)
+  mem[ceil32(_param2.length) + 128] = bool(ext_call.success)
+  mem[ceil32(_param2.length) + 160] = 64
+  mem[ceil32(_param2.length) + 192] = _param2.length
+  return Mask(8 * -ceil32(_param2.length) + _param2.length + 32, 0, 0), 
+         mem[_param2.length + 160 len (2 * ceil32(_param2.length)) + -_param2.length + 64]
+
+def unknown8b418713(uint256 _param1, uint256 _param2, uint256 _param3, array _param4): # not payable
+  require calldata.size - 4 >=′ 128
+  require _param1 == addr(_param1)
+  require calldata.size - 36 >=′ 64
+  require _param2 == addr(_param2)
+  require _param3 == _param3
+  mem[128] = _param3
+  require _param4 <= 18446744073709551615
+  require _param4 + 35 <′ calldata.size
+  require _param4.length <= 18446744073709551615
+  require ceil32(_param4.length) + 192 >= 160 and ceil32(_param4.length) + 192 <= 18446744073709551615
+  mem[160] = _param4.length
+  require _param4 + _param4.length + 36 <= calldata.size
+  mem[192 len _param4.length] = _param4[all]
+  mem[_param4.length + 192] = 0
+  if not addr(stor0):
+      uint256(stor0) = tx.origin or Mask(96, 160, uint256(stor0))
+  if addr(stor0) != tx.origin:
+      revert with 0, 'bad origin'
+  mem[ceil32(_param4.length) + 192 len ceil32(_param4.length)] = _param4[all], mem[_param4.length + 192 len ceil32(_param4.length) - _param4.length]
+  if ceil32(_param4.length) > _param4.length:
+      mem[ceil32(_param4.length) + _param4.length + 192] = 0
+  call this.address with:
+     funct Mask(32, -(8 * ceil32(_param4.length) + -_param4.length + 4) + 256, 0) >> -(8 * ceil32(_param4.length) + -_param4.length + 4) + 256
+       gas gas_remaining wei
+      args mem[ceil32(_param4.length) + 196 len _param4.length - 4]
+  if return_data.size:
+      return bool(ext_call.success), Array(len=return_data.size, data=ext_call.return_data)
+  mem[ceil32(_param4.length) + 192] = bool(ext_call.success)
+  mem[ceil32(_param4.length) + 224] = 64
+  mem[ceil32(_param4.length) + 256] = _param2
+  mem[ceil32(_param4.length) + 288 len ceil32(_param2)] = mem[128 len ceil32(_param2)]
+  if ceil32(_param2) > _param2:
+      mem[ceil32(_param4.length) + _param2 + 288] = 0
+  return Mask(8 * -ceil32(_param4.length) + _param4.length + 32, 0, 0), 
+         mem[_param4.length + 224 len ceil32(_param4.length) + -_param4.length + 32],
+         _param2,
+         mem[ceil32(_param4.length) + 288 len ceil32(_param2)]
+