FOSSEE Summer Fellowship 2020 - Blockchain

Screening Task: Python Test and Debugging Smart Contracts in Solidity

NOTE: This task has been divided in two parts. It is mandatory to complete both the parts as described below for this screening task to be considered as completed. Both the parts are independent of each other, so you can attempt either of them first.

Part A:  Online Test on Python

  • The test will be available starting from 15th January 2020 
  • Go to https://yaksh.fossee.in/exam
  • Click on New User - Sign Up Button and register using the same Email as used on Moodle
  • In the Search Course Text box, Type in blkchain2020 and click on the Search button
  • You will be able to see the course “Blockchain 2020”
  • Click on the Enroll button beside the Course Name
  • Click on the Start Button
  • On the Course Modules Details Page, click on Start beside the First Task - Python Test Module.
  • On the Module Page, you can start the test by clicking on the Green Start Button

Important Note:

  • The test can be taken at any time/day from 15th January 2020 to 25th February 2020
  • The test has a duration of 45 minutes
  • The test consists of 5 Questions
  • Each Question is a Coding Question which you have to answer using Python Code.
  • Do not attempt to copy, cheat or Google your answers as all submissions are recorded and validated.
  • The test can only be attempted once, candidates will not be allowed to attempt the Quiz more than once under any circumstances
  • The Quiz is completely online and hence you are requested to attempt the Quiz while in a comfortable place with good Internet Connection (Issues arising due to Bad Internet Connection will not be entertained)

Part B: Debugging Smart Contracts in Solidity

In this screening task we are going to look at your troubleshooting, debugging, explaining and overall Solidity skills. Below are three Solidity contracts. Each of them has one or more bugs, programming errors, security vulnerabilities in it, or perhaps even something that we overlooked. Do not stop at the first error you find. That might for instance mean that types are being wrongly cast, values are not being checked, variables not being handled properly or the functioning of the contract would in some edge cases not work as expected. Or anything else really. Feel free to use any tools, such as browser solidity, but work on your own. Do not believe that they are ranked in ascending order of difficulty.

Submission Procedure:

Please describe as good as you can the bug(s), and point out solutions on how they could be fixed. Do not just drop "fixed" contracts, we want to see your thought process. Please write all your answers in a single Markdown file named after your username ex: Parag_Tiwari.md, which you then upload on moodle. Write your name and email id at the top to further reduce the risk of mis-attribution.

Exercise 1

In this contract, the specs are such that value that is sent by the owner is being stored only if it is sent by the owner. It is returned in full when the contract is destroyed after the owner, and only the owner, sends the password to the kill function. This contract has already been deployed, so keep the pragma as it is.

pragma solidity 0.4.19;

contract PiggyBank {

    address owner;

    uint248 balance;

    bytes32 hashedPassword;

    function piggyBank(bytes32 _hashedPassword) {

        owner = msg.sender;

        balance += uint248(msg.value);

        hashedPassword = _hashedPassword;

    }

    function () payable {

        if (msg.sender != owner) revert();

        balance += uint248(msg.value);

    }

    function kill(bytes32 password) {

        if (keccak256(owner, password) != hashedPassword) revert();

        selfdestruct(owner);

    }

}

Exercise 2

In this contract, a shop system processes a payment, sends the payment to a wallet contract and then instructs the warehouse to ship the purchase. What could go wrong?

pragma solidity ^0.4.5;

interface WarehouseI {

    function setDeliveryAddress(string where);

    function ship(uint id, address customer) returns (bool handled);

}

contract Store {

    address wallet;

    WarehouseI warehouse;

    function Store(address _wallet, address _warehouse) {

        wallet = _wallet;

        warehouse = WarehouseI(_warehouse);

    }

    function purchase(uint id) returns (bool success) {

        wallet.send(msg.value);

        return warehouse.ship(id, msg.sender);

    }

}

Exercise 3

In this contract, every value sent to the fallback function is supposed to be equally split between account one, account two and the contract itself. Beside finding out problems with it, how could an attacker game this contract and what would be the end result? Additionally, please provide a working example of an attacker.

pragma solidity ^0.4.9;

contract Splitter {

    address one;

    address two;

    function Splitter(address _two) {

        if (msg.value > 0) revert();

        one = msg.sender;

        two = _two;

    }

    function () payable {

        uint amount = address(this).balance / 3;

        require(one.call.value(amount)());

        require(two.call.value(amount)());

    }

}

Resources to learn Solidity:

  1. Solidity — Solidity 0.5.3 documentation
  2. Solidity in Depth — Solidity 0.6.1 documentation
  3. Solidity by Example — Solidity 0.5.3 documentation

Evaluation Criteria :

  1. Successfully passing the FOSSEE Fellowship Python Test
  2. Debugging Smart Contracts submissions will be evaluated for correctness and uniqueness and top entries will be shortlisted.

Submission Interface:

  1. Login to https://courses.fossee.in/ using your registered credentials.
  2. Click on Blockchain 2020 available under Courses page.

For any queries, mail to "fossee.blockchain[at]gmail[dot]com" with subject line as "FOSSEE Fellowship 2020-Blockchain"