Changed missing constructor to more sensible name

blperez01 · bohendo · commit cdeda84e02f1 · 2018-09-19T14:15:05.000-04:00
diff --git a/wrong_constructor_name/README.md b/wrong_constructor_name/README.md
@@ -0,0 +1,15 @@
+# Missing constructor
+
+If the constructor of a smart contract is not present (or not spelled the same way as the contract name), it is callable by anyone.
+
+## Attack
+Anyone can call the function that was supposed to be the constructor.
+As a result anyone can change the state variables initialized in this function.
+
+## Mitigations
+
+- Use `constructor` instead of a named constructor
+
+## Examples
+- [Rubixi](Rubixi_source_code/Rubixi.sol) uses `DynamicPyramid` instead of `Rubixi` as a constructor
+- An [incorrectly named constructor](Missing.sol)
diff --git a/wrong_constructor_name/Rubixi_source_code/Rubixi.sol b/wrong_constructor_name/Rubixi_source_code/Rubixi.sol
@@ -0,0 +1,155 @@
+// 0xe82719202e5965Cf5D9B6673B7503a3b92DE20be#code
+pragma solidity ^0.4.15;
+
+contract Rubixi {
+
+        //Declare variables for storage critical to contract
+        uint private balance = 0;
+        uint private collectedFees = 0;
+        uint private feePercent = 10;
+        uint private pyramidMultiplier = 300;
+        uint private payoutOrder = 0;
+
+        address private creator;
+
+        //Sets creator
+        function DynamicPyramid() {
+                creator = msg.sender;
+        }
+
+        modifier onlyowner {
+                if (msg.sender == creator) _;
+        }
+
+        struct Participant {
+                address etherAddress;
+                uint payout;
+        }
+
+        Participant[] private participants;
+
+        //Fallback function
+        function() {
+                init();
+        }
+
+        //init function run on fallback
+        function init() private {
+                //Ensures only tx with value of 1 ether or greater are processed and added to pyramid
+                if (msg.value < 1 ether) {
+                        collectedFees += msg.value;
+                        return;
+                }
+
+                uint _fee = feePercent;
+                //50% fee rebate on any ether value of 50 or greater
+                if (msg.value >= 50 ether) _fee /= 2;
+
+                addPayout(_fee);
+        }
+
+        //Function called for valid tx to the contract
+        function addPayout(uint _fee) private {
+                //Adds new address to participant array
+                participants.push(Participant(msg.sender, (msg.value * pyramidMultiplier) / 100));
+
+                //These statements ensure a quicker payout system to later pyramid entrants, so the pyramid has a longer lifespan
+                if (participants.length == 10) pyramidMultiplier = 200;
+                else if (participants.length == 25) pyramidMultiplier = 150;
+
+                // collect fees and update contract balance
+                balance += (msg.value * (100 - _fee)) / 100;
+                collectedFees += (msg.value * _fee) / 100;
+
+                //Pays earlier participiants if balance sufficient
+                while (balance > participants[payoutOrder].payout) {
+                        uint payoutToSend = participants[payoutOrder].payout;
+                        participants[payoutOrder].etherAddress.send(payoutToSend);
+
+                        balance -= participants[payoutOrder].payout;
+                        payoutOrder += 1;
+                }
+        }
+
+        //Fee functions for creator
+        function collectAllFees() onlyowner {
+                if (collectedFees == 0) throw;
+
+                creator.send(collectedFees);
+                collectedFees = 0;
+        }
+
+        function collectFeesInEther(uint _amt) onlyowner {
+                _amt *= 1 ether;
+                if (_amt > collectedFees) collectAllFees();
+
+                if (collectedFees == 0) throw;
+
+                creator.send(_amt);
+                collectedFees -= _amt;
+        }
+
+        function collectPercentOfFees(uint _pcent) onlyowner {
+                if (collectedFees == 0 || _pcent > 100) throw;
+
+                uint feesToCollect = collectedFees / 100 * _pcent;
+                creator.send(feesToCollect);
+                collectedFees -= feesToCollect;
+        }
+
+        //Functions for changing variables related to the contract
+        function changeOwner(address _owner) onlyowner {
+                creator = _owner;
+        }
+
+        function changeMultiplier(uint _mult) onlyowner {
+                if (_mult > 300 || _mult < 120) throw;
+
+                pyramidMultiplier = _mult;
+        }
+
+        function changeFeePercentage(uint _fee) onlyowner {
+                if (_fee > 10) throw;
+
+                feePercent = _fee;
+        }
+
+        //Functions to provide information to end-user using JSON interface or other interfaces
+        function currentMultiplier() constant returns(uint multiplier, string info) {
+                multiplier = pyramidMultiplier;
+                info = 'This multiplier applies to you as soon as transaction is received, may be lowered to hasten payouts or increased if payouts are fast enough. Due to no float or decimals, multiplier is x100 for a fractional multiplier e.g. 250 is actually a 2.5x multiplier. Capped at 3x max and 1.2x min.';
+        }
+
+        function currentFeePercentage() constant returns(uint fee, string info) {
+                fee = feePercent;
+                info = 'Shown in % form. Fee is halved(50%) for amounts equal or greater than 50 ethers. (Fee may change, but is capped to a maximum of 10%)';
+        }
+
+        function currentPyramidBalanceApproximately() constant returns(uint pyramidBalance, string info) {
+                pyramidBalance = balance / 1 ether;
+                info = 'All balance values are measured in Ethers, note that due to no decimal placing, these values show up as integers only, within the contract itself you will get the exact decimal value you are supposed to';
+        }
+
+        function nextPayoutWhenPyramidBalanceTotalsApproximately() constant returns(uint balancePayout) {
+                balancePayout = participants[payoutOrder].payout / 1 ether;
+        }
+
+        function feesSeperateFromBalanceApproximately() constant returns(uint fees) {
+                fees = collectedFees / 1 ether;
+        }
+
+        function totalParticipants() constant returns(uint count) {
+                count = participants.length;
+        }
+
+        function numberOfParticipantsWaitingForPayout() constant returns(uint count) {
+                count = participants.length - payoutOrder;
+        }
+
+        function participantDetails(uint orderInPyramid) constant returns(address Address, uint Payout) {
+                if (orderInPyramid <= participants.length) {
+                        Address = participants[orderInPyramid].etherAddress;
+                        Payout = participants[orderInPyramid].payout / 1 ether;
+                }
+        }
+}
diff --git a/wrong_constructor_name/incorrect_constructor.sol b/wrong_constructor_name/incorrect_constructor.sol
@@ -0,0 +1,25 @@
+pragma solidity ^0.4.15;
+
+contract Missing{
+    address private owner;
+
+    modifier onlyowner {
+        require(msg.sender==owner);
+        _;
+    }
+
+    // The name of the constructor should be Missing
+    // Anyone can call the IamMissing once the contract is deployed
+    function IamMissing()
+        public 
+    {
+        owner = msg.sender;
+    }
+
+    function withdraw() 
+        public 
+        onlyowner
+    {
+       owner.transfer(this.balance);
+    }
+}
