“This Bank is only for its VIP Customers.”
How to Submit Solution:
Use the submission form below to submit your solution: QuillCTF Submission Form
Objective of CTF
At any cost, lock the VIP user balance forever into the contract.
Note: You can create POCs using Foundry or Hardhat. Without proper POC, your submissions will not be accepted.
Goerli Link: https://goerli.etherscan.io/address/0x28e42e7c4bda7c0381da503240f2e54c70226be2
Contract Code:
// SPDX-License-Identifier: MIT
pragma solidity 0.8.7;
/// @title VIP_Bank
/// @notice Holds ether deposits for addresses that the manager has marked as VIP.
/// @dev The contract defines no function that clears a VIP flag or changes the manager,
/// and no receive/fallback function.
contract VIP_Bank{
/// @notice Account that deployed the contract; the only caller accepted by onlyManager.
address public manager;
/// @notice Amount credited to each depositor, in wei.
mapping(address => uint) public balances;
/// @notice True for addresses allowed to call deposit() and withdraw().
mapping(address => bool) public VIP;
/// @notice Ceiling (0.5 ether) that withdraw() compares against the contract's total balance.
uint public maxETH = 0.5 ether;
/// @notice Records the deployer as manager.
constructor() {
manager = msg.sender;
}
/// @dev Reverts unless the caller is the manager.
modifier onlyManager() {
require(msg.sender == manager , "you are not manager");
_;
}
/// @dev Reverts unless the caller has been flagged in the VIP mapping.
modifier onlyVIP() {
require(VIP[msg.sender] == true, "you are not our VIP customer");
_;
}
/// @notice Flags `addr` as a VIP customer. Manager only.
/// @param addr Address to mark as VIP.
function addVIP(address addr) public onlyManager {
VIP[addr] = true;
}
/// @notice Credits the sent ether to the caller's balance. VIP only.
/// @dev Limits a single deposit to 0.05 ether but enforces no cap on the contract's
/// total balance, so repeated deposits alone can raise it above maxETH.
function deposit() public payable onlyVIP {
require(msg.value <= 0.05 ether, "Cannot deposit more than 0.05 ETH per transaction");
balances[msg.sender] += msg.value;
}
/// @notice Sends `_amount` wei of the caller's credited balance back to the caller. VIP only.
/// @param _amount Amount to withdraw, in wei; must not exceed balances[msg.sender].
function withdraw(uint _amount) public onlyVIP {
// NOTE(review): this guard reads the contract's total balance, not _amount, although the
// revert message describes a per-transaction limit. Every withdrawal reverts while the
// contract holds more than maxETH, and nothing in this contract can lower the balance
// other than withdraw() itself. address(this).balance is also not bounded by deposit():
// ether can be credited to an address without running any of its code, so an invariant
// on it cannot be relied on. A per-call limit would compare _amount with maxETH, and any
// total cap should be enforced against internally tracked deposits instead.
require(address(this).balance <= maxETH, "Cannot withdraw more than 0.5 ETH per transaction");
require(balances[msg.sender] >= _amount, "Not enough ether");
// The credited balance is reduced before the external call, so a re-entrant call
// into withdraw() sees the already-updated value.
balances[msg.sender] -= _amount;
(bool success,) = payable(msg.sender).call{value: _amount}("");
require(success, "Withdraw Failed!");
}
/// @notice Returns the ether currently held by the contract, in wei.
/// @dev This is the raw account balance, which is not the same thing as the sum of `balances`.
function contractBalance() public view returns (uint){
return address(this).balance;
}
}
Learning Materials:
Solutions:
Author -
Team QuillAudits