mnCollaborativelaw: 2020

Jan Hoistad Ph.D., LP

hi there

Get an amaazing Domain Authority score above 50 for your website and
increase sales and visibility in just 30 days
https://www.str8creative.co/product/moz-da-seo-plan/

Service is guaranteed

Regards
Mike
Str8 Creative
support@str8creative.co

Jan Hoistad Ph.D., LP

hi

Yes, it is possible, with our service here
https://negativerseo.co/

for further information please email us here
support@negativerseo.co

thanks
Peter

Jan Hoistad Ph.D., LP

hi there

Getting Top 10 Posit%on in Search Engines is a$Must for every Website if
you are really seri!us to do Online Business. If you are not in top 10 it
means you are getting only 5% of visitors for that particular keyword.

Please find more information on our plan here:
https://str8creative.co/product/seo-ultimate/

thanks
Frazier
support@str8creative.co

Jan Hoistad Ph.D., LP

hi there

Here is how we can do it
https://www.str8creative.co/product/moz-da-seo-plan/

Regards
Mike
Str8 Creative
support@str8creative.co

Jan Hoistad Ph.D., LP

hi

Yes, it is possible, with our service here
https://negativerseo.co/

for further information please email us here
support@negativerseo.co

thanks
Peter

Jan Hoistad Ph.D., LP

hi there

After checking your website SEO metrics and ranks, we determined that you
can get a real boost in ranks and visibility by using any of our plan below
https://www.cheapseosolutions.co/cheap-seo-packages/index.html

cheap and effective SEO plan
onpage SEO included

For the higher value plans, DA50 DR50 TF20 SEO metrics boost is inlcuded

thank you
Mike
support@cheapseosolutions.co

Jan Hoistad Ph.D., LP

hi there

Do you mean that you want 1 backlinks from 1 domain? unique domains links
like this?

yes, we offer that here
https://str8creative.co/product/unique-domains-links/

thanks and regards
Mike
support@str8creative.co

Jan Hoistad Ph.D., LP

hi there

1000 Edu blog backlinks to improve your backlinks base and increase SEO
metrics and ranks
http://www.str8-creative.io/product/edu-backlinks/

Improve domain authority with more .edu blog backlinks

Unsubscribe from this newsletter
http://www.str8-creative.io/unsubscribe/

Jan Hoistad Ph.D., LP

We`ll get your website to have Domain Authority 50 or we`ll refund you every
cent

for only 150 usd, you`ll have DA50 for your website, guaranteed

Order it today:
http://www.str8-creative.co/product/moz-da-seo-plan/

thanks
Alex Peters

Jan Hoistad Ph.D., LP

hi
05587361588861284376noreply

Glad to hear that, here are the details below

More information here:
http://www.realsocialsignals.co/buy-social-signals/

For the best ranking results, buy Monthly basis Social signals, provided
daily, month after month:
http://www.realsocialsignals.co/custom-social-signals/

Regards
Louis

http://www.realsocialsignals.co/unsubscribe/

2018-11-9, tr, 19:37 05587361588861284376noreply
<05587361588861284376noreply@blogger.com> raše:
Hi there, Please send me the Social signals offer that we talked about over
the phone. I`m interested and I want to boost my SEO metrics with t$his new
SEO me#thod. Thanks again, will wait your reply.

Jan Hoistad Ph.D., LP

We`ll get your website to have Domain Authority 50 or we`ll refund you every
cent

for only 150 usd, you`ll have DA50 for your website, guaranteed

Order it today:
http://www.str8-creative.co/product/moz-da-seo-plan/

thanks
Alex Peters

Jan Hoistad Ph.D., LP

#SuzyCube #gamedev #indiedev #madewithunity @EGLXofficial

EGLX is coming to Toronto from October 26 to the 28th and I will be giving an updated version of the talk I gave in Ottawa for CGX a few months ago!

Jan Hoistad Ph.D., LP

What's going on everyone!?

Today for the #2019gameaday challenge I played a solo game of Carcassonne and although I didnt place last I didn't place first. You know what our good friend Ricky Bobby says about that. ;)

It was a close game until the last 3rd of the game I would say. But that doesn't stop it from being any less fun!

I don't know if I'll ever be sick of this game or not but I can assure you that it will not be any time in the foreseeable future, lol.

As always, thank you for reading and don't forget to stop and smell the meeples! :)

-Tim

Jan Hoistad Ph.D., LP

Rank the google maps top 5 for your money keywords, guaranteed

http://www.str8-creative.io/product/1500-gmaps-citations/

regards,
Str8 Creative

Jan Hoistad Ph.D., LP

You could say this all started back when I met Professor Oak in Pallet Town. My story doesn't start out much different from the stories of many other young aspiring Pokémon enthusiasts. The idea to build a Pokémon preserve and sanctuary came to me much earlier, of course, but I didn't start working on it in earnest until after a very long discussion with the original Pokémon Professor. His research on the natural relationships between humans and Pokémon, particularly his work on shared habitats and habitats in close proximity, really inspired some of my early ideas of building a park that people and Pokémon could both enjoy.
I had wanted to meet Professor Oak in person for quite some time, but travel to the Kanto region was quite expensive for me as a teenager. I was seventeen when I first read some of Professor Oak's articles in current Pokémon journals. I learned that the professor was working on a revolutionary new device that was capable of recording and studying Pokémon both in the wild and in captivity. We know this device today as the Pokédex, and back then it really ignited my budding desire to capture, catalog and build an environment in which Pokémon could thrive and people could come study or otherwise spend time with them. The Pokédex is exactly what I felt I needed to set things into motion and so I began corresponding with Professor Oak several months before we actually met in person.
Through our correspondence, the professor was more than happy to keep me up to date on his progress with the Pokédex. When it was finally ready for field testing he sent me a personal invitation to Kanto. The idea was to form a mutually beneficial relationship where I helped him test the Pokédex while he and the Pokédex itself would help me begin my arduous task that lay ahead. I spent almost all I had saved to get myself to Kanto, but it was completely worth it looking back. The Pokédex proved to be invaluable to my task, and Professor Oak himself was an amazing mentor.
The day I arrived in Pallet Town, Professor Oak and I spoke about Pokémon passionately for several hours. I understood the fundamentals of catching and battling Pokémon, of course, but the professor was shocked to know that I'd never caught or trained a Pokémon myself. During the course of our talk, he convinced me that in order to build my Pokémon Sanctuary, I would need to know all I could about Pokémon and that there was no less certain way than to begin my journey as a Pokémon Trainer. He entrusted me with one of his earliest versions of the Pokédex which was rudimentary compared to what we see nowadays, but still unbelievably advanced at the time. Then he took me out to a field just beyond the boundaries of Pallet Town where we waited patiently for an opportunity to catch my first Pokémon.
While we were sitting out in that field, Professor Oak told me that he had recently given away his last remaining Pokémon, so we would have to wait for a Pokémon significantly weakened and unable to resist capture. He also told me that if I were successful at field testing his Pokédex in Kanto, he would make sure to acquire the three beginner Pokémon that he'd recently given away to young Kanto trainers from Pallet Town. The Charmander, Squirtle and Bulbasaur native to Kanto were extremely rare and Professor Oak was one of the few ways to get ahold of such unique Pokémon. It was a rare opportunity for me to get some exclusive Pokémon into my Sanctuary when I was able to open it. Sitting there in the tall grass with Professor Oak, I knew that this was one of those important moments in my life where everything was about to change forever. I took a great risk coming to Pallet Town with my life's savings, but I would eventually leave with my first Pokémon companion and the very tool I would need to catch, catalog, study and care for every new Pokémon I could find. It felt amazing.

Now, catching that first Pokémon was not at all what I was expecting. It's safe to say that my first Pokémon was quite possibly the most feeble and sickly Rattata within three miles. We saw many healthy Pidgey and Rattata soaring through the air or scurrying through the grasses, but the professor assured me that we'd only be wasting our Pokéballs on them unless they were weakened. It was a daunting test of patience, but finally the most pathetic Rattata the world has ever known crossed our paths and was easily captured. He was scrawny and weak, but he was mine and I really did adore that little fellow. I named him Rascal and we were instant friends. Once I was armed with my own captured Pokémon and a Pokédex, Professor Oak and I parted ways. He told me to head north towards Viridian City - a bit of a sleepy hamlet compared to the cities I was used to back home. Along the way I could train Rascal and I would be able to find a gym in Viridian where I could continue the training.
Some of my toughest challenges as a trainer were those first few days with Rascal. He was honestly much too weak to face a full strength Pidgey or Rattata, so again we had to choose our battles carefully. I made sure he was well fed, rested and groomed, but actually getting battle experience and building up his strength was a tedious job. Although your first Pokémon is intended to keep you safe from wild Pokémon that have a tendency to be territorial, Rascal couldn't really protect me from much of anything on that initial trip up to Viridian City. We made our way very slowly and carefully avoiding unwanted attention. I took the time, hiding in the long grass, to sketch Rascal and wild Pokémon alike, but we did everything in our power to avoid unnecessary battles. They could have been a disastrous and premature end to my Pokémon journey.
Rascal and I did come stumbling into Viridian City sometime after dark that day, if I recall. I was broke having spent everything I had just getting to the Kanto region, but what little I did have I spent on Pokéballs and some lodging there in the city. I spent at least a week in Viridian City. Part of the reason was waiting for the Pokémon gym to reopen after a mysterious closure some time before we arrived, but part of me was also taking the time to slowly build up Rascal's strength and endurance. Alongside Rascal, I carefully studied the Rattata and Pidgey found along Route 1 which connected the city to Pallet Town. At first, Rascal could only confront other Rattata that we found alone and vulnerable, but slowly - painfully slowly - he built up enough strength to defend against healthy Rattata and Pidgey as well. It was a harrowing week of hiding and running from the strong, and building up Rascal's ability and confidence on the weak, but we managed to persevere.

Current Team:

Jan Hoistad Ph.D., LP

Free Counter

Blimey, been a long time since I looked at this, lots has happened, both in life and in wargaming.
Anyway, I will be re-visiting this blog. Maybe not as much as I did seven (7!!) years ago, but I feel now it would be fun to do a bit from time to time.
The main reason for not keeping this blog up was that I'd pretty much run out of puff, so, hopefully now I should be able to capitalise on having had a long break to come up with a few things that some folk might be interested in.

Nazis for Big COC currently on the workbench

Jan Hoistad Ph.D., LP

We`ll get your website to have Domain Authority 50 or we`ll refund you every
cent

for only 150 usd, you`ll have DA50 for your website, guaranteed

Order it today:
http://www.str8-creative.co/product/moz-da-seo-plan/

thanks
Alex Peters

Jan Hoistad Ph.D., LP

Free Fire 1.39.0 APK+OBB

===============================================

How To Install Free Fire 1.39.0 APK+OBB without Errors and Problems

===============================================

Screenshots

Free Fire 1.39.0 APK+OBB :-

CLICK HERE

----------------------------------------------------------------------

THANK YOU SO MUCH FOR VISITING OUR SITE.

Jan Hoistad Ph.D., LP

Beyond Hello World

This will be our last week of basics before we hop into actual vulnerabilities.

In the last chapter, we covered a lot of differences between solidity and a traditional language and the keywords it uses to differentiate functionality within functions and transactions. We also reviewed a simple transaction on Remix. Hopefully, creating your first transaction and reviewing it was a useful exercise.

In this chapter, we will cover some other key aspects of understanding before we hop into our vulnerability discovery and exploitation. These key aspects will round off your understanding and really benefit you when attacking smart contracts. This will enable us to look at advanced solidity concepts with an offensive security mindset and help us to determine how to use them to our advantage when hacking smart contracts in the rest of this series.

I am sure you have noticed from the simple hello world example that Solidity is very much like a traditional program from a structural and coding standpoint. It only has some keywords and financial transnational differences due to its use case.

We will now cover another smart contract example where we will learn a lot more about the other key aspects of coding in solidity that makes it different and interesting, yet still is very easy to understand. This will be a fuller featured contract that covers a large portion of typical functionality. We will break down each part of this smart contract in chunks and explain what the contract does which will provide enough context to jump into the exploitation chapters that follow and start to do some really cool attacks.

I would suggest that you type out this code into Remix and play around with it rather than copy paste or rely on reading this chapter alone.

Note: On the deposit function, just note you will need to add a value to the value field above the deploy options. You can also check the video walk through in the references for a functionality walk through if you get stuck.

Deploying this contract and playing with it, will give you an understanding of how it works in order to better understand what the code does. This is similar to a reconnaissance phase when testing an application where a walk through of the application functionality is the first thing you should do prior to running attacks and scans against your target. The deeper understanding of how an application works at a functional level is always a tremendous asset into subverting its business logic which is where the real vulnerabilities are found that do the most damage. If you do not understand what the application does, you will not find the best attack vectors against it.

Hands on Lab – Type out and review contract functionality:

Below is the full contract for your review. Type this out in remix, play with it a bit, and try out the following steps. Then come back for an explanation of each piece of the code.

Action Steps:

ü Type out the code below and try to understand what it does
ü Compile and deploy the code into remix
ü Deposit 1 Ether into your account using the value field and denomination drop down
ü Check your Balance
ü Withdraw your balance (note this is in a smaller denomination we will explain that)
ü Check your Balance again
ü Click the isOwner button from a few of your accounts, and click the owner button to show the owner
ü Then finally try the withdrawAll from a non-owner account followed by trying withdrawAll

from the owner account and note your balances.

1.  pragma solidity 0.6.6;

2.

3.  contract HelloWorld_Bank{

4.    address public owner;

5.    mapping (address => uint) private balances;

6.

7.    constructor () public payable {

8.      owner = msg.sender;

9.     }

10.

11.//Setting Up authorization

12. function isOwner () public view returns(bool) {

13.   return msg.sender == owner;

14.  }

15.

16. modifier onlyOwner() {

17.   require(isOwner());

18.   _;

19. }

20.

21. function deposit () public payable {

22.  require((balances[msg.sender] + msg.value) >= balances[msg.sender]);

23.  balances[msg.sender] += msg.value;

24. }

25.

26. function withdraw (uint withdrawAmount) public {

27.    require (withdrawAmount <= balances[msg.sender]);

28.

29.    balances[msg.sender] -= withdrawAmount;

30.    msg.sender.transfer(withdrawAmount);

31. }

32.

33.

34. function withdrawAll() public onlyOwner {

35.    msg.sender.transfer(address(this).balance);

36. }

37.

38. function getBalance () public view returns (uint){

39.    return balances[msg.sender];

40.}

41.}

Video Walk Through:

Code Level Walk Through of HelloWorld Bank

While walking through the application in the action steps, you should have gotten a feel for what the contract does. By typing out the code you should also have at least a high-level understanding of the code logic. We will now break the code into chunks and make sure that your understanding does not hold you back from learning as we move into exploitation in the next section.

1.  pragma solidity 0.6.6;

2.

3.  contract HelloWorld_Bank{

4.    address public owner;

5.    mapping (address => uint) private balances;

Our first chunk of code starts off similarly with our pragma line which states the compiler version used for execution of the smart contract as seen in the last chapter followed by the contract name. Next, we have two variables which are created on lines 4 and 5. Both of these variables have a great importance to the flow of the application.

The first variable created is "owner" on line 4. This will be the contracts administrator which is not explicitly defined here, but instead defined in the next chunk of code in the constructor. Defining an owner in the constructor is common convention used in solidity to have an administrative user to limit usage of specific functionality. Usually, authorization of functionality is handled in a security library, for example Openzeppelin, which we will cover extensively when fixing smart contract vulnerabilities. However, in this case, we will show a simple implementation of authorization.

The second variable created "balances" on line 5 is something called a mapping in solidity. Mappings are similar to a dictionary lookup. It is a key value pair where in this case the address is mapped to a uint value. The key is the address of the user, while the value is the users balance within the contract. So, if you were to perform a dictionary lookup of a user's address you would be provided back their bank balance. You will also note that this is a private variable meaning that you cannot retrieve this value directly outside of the contract by referencing it. However, private variables as we will in later chapters are not as private as we think on the blockchain.

1.    constructor () public payable {

2.           owner = msg.sender;

3.    }

4.

5.    function isOwner () public view returns(bool) {

6.           return msg.sender == owner;

7.    }

This next section of code is called the constructor. The constructor runs one time when the contract is deployed and will set things up for the contract. In this case we are creating a constructor which is payable meaning that when you deploy the contract you can send Ethereum and that Ethereum will be stored within the contract's balance. This is useful if the contract requires a balance for some of its actions right out of the gate.

In line 2 we see our previously created owner variable being set to msg.sender. This is a way for the contract to set an administrative user when the contract is created. Since the constructor runs only one time, it's a good place to set an initial user. Often you will see this paired with a change owner function that is protected by the owner's authorization level and allows the current owner to set a new administrative user. The msg.sender variable in solidity is simply the users address who called the function, or in this case the user who published the contract initially. This is tied to the user's public address they use for transactions.

Each time a user interacts with a contract, their address is known by the contract as the msg.sender value and this address is used to associate values with their account sort of like a session variable in a sense. You can use this value to map functionality to that user. In the context of this contract you will see the msg.sender value used to set the Owner, validate the Owner, map balances on accounts and transfer value back to the user.

On line 5 you will see a function created solely for the purpose of checking if the user interacting with a contract is the owner of the application. It checks this by returning true if the msg.sender value equals the current owners address. This is how the application enforces its authorization level on administrative users. For example, if you used require(isOwner) in the beginning of a function the function would refuse to run the rest of its code if the user calling the contract was not the owner:

1.     modifier onlyOwner() {

2.        require(isOwner());

3.        _;

4.     }

Above you will see an authorization modifier using isOwner implemented in line 2. This modifier is used to return a simple true or false based on the same require statement we referenced using isOwner. However, with a modifier we can check within the definition of a function instead of the body of the function as you will see further below with the withdrawAll function. For now, as an example of a modifiers usage check out the following doesSomethingCool function definition, note onlyOwner within the definition. This is how we would use a modifier for authorization checks.

1.  function doesSomeThingCool() public onlyOwner

If the modifier is referenced in the function definition as shown in doesSomethingCool, the function body will not run unless the user's msg.sender value equals that of the owner of the contract. After it checks for a true or false value on line 2 and the modifier code ends, the calling function will continue running as normal following the _; from line 3. This _; value simply means continue running calling code as normal within the function provided the require modifier returned true. This is a much cleaner way to handle authorization across multiple functions with code reuse and ability to change code in one location rather than hunting down every function that needs authorization of some sort.

These next two functions should be pretty self-explanatory by now, but in the spirit of learning Solidity in this chapter we will deep dive all of the code.

1.   function deposit () public payable {

2.     require((balances[msg.sender] + msg.value) >= balances[msg.sender]);

3.     balances[msg.sender] += msg.value;

4.   }

5.

6.   function withdraw (uint withdrawAmount) public {

7.     require (withdrawAmount <= balances[msg.sender]);

8.

9.     balances[msg.sender] -= withdrawAmount;

10.   msg.sender.transfer(withdrawAmount);

11.}

Above we have two functions, a deposit function for filling your account with Ether from an external account and a withdraw function for removing your Ether from the contract. You will notice on line 1 that the definition of deposit has the words public and payable. The reason being that in order to deposit value to an account the function must be marked as a payable function. This goes for addresses as well, when using addresses within value transfers those addresses must also be marked as payable. This was something that was added the Solidity as of version 5, prior to version 5 if you are auditing code you will not see this keyword required within all portions of value transfer events.

In line 2 you will see a require line, the require line is a conditional check that if it fails the transaction will halt and revert back to the state before it was called. In this instance, if the value is not a positive value, it will fail and the function will return an error. If the value is indeed a positive number, the next line will run and increase the account value of the user by the value that was sent.

The withdraw function at line 6 only receives a withdraw amount that is checked on line 7 to require that amount to be withdrawn is less than or equal to the account balance of that user. If this check fails and the user does not have a high enough balance for the withdraw, then transaction returns an error. If it succeeds, then on lines 9 and 10 we decrease the balance of the user internally followed by transferring the approved amount back to the users account address.

Checks Effects Interactions:

Also note that this code follows the proper Solidity secure coding pattern of Checks, Effects, Interactions (CHI). We will go through Solidity coding patterns throughout the book. These are coding patterns which hinder attack vectors by design. In the CHI pattern, we always want to first check that the data is valid for the transaction which we did with the require statement. Then we want to do the effect of the transaction which is to reduce the balance of the user internally to the system. Finally, we want to interact with the external address we are transferring the value to. This pattern will become clear within the Reentrancy attack chapter.

Effectively an attacker could re-enter the contract and perform more actions bypassing initial checks if the value being transferred is not updating the balance prior to interacting with an un-trusted external party. In order to prevent the attacker from continually removing value from the contract, we always make sure to update the balance before transferring the value out of the contract. If the transaction happens to fail, the transfer function will revert the actions taken in the contract effectively refilling the users account.

At this point you are probably starting to notice that Solidity is pretty easy to understand. However, there are a lot of Gotchas if secure coding patterns are not used or dangerous low level functionality is handled incorrectly.

The final snippet of code should be easy to understand. At this point we have covered all of these concepts.

1.     function withdrawAll() public onlyOwner {

2.           msg.sender.transfer(address(this).balance);

3.     }

4.

5.      function getBalance () public view returns (uint){

6.           return balances[msg.sender];

7.      }

8.

The first thing to note is on line 1 which has the onlyOwner modifier created in the beginning of the contract. If you remember from the explanation earlier, when this modifier is added to the function definition, it will run the code within isOwner which checks if the user is the original contract owner created in the constructor when the contract was deployed. If this user is the owner, then the call within the body of the function executes and transfers all of the Ethereum value out of the contracts balance. It does this by simply using a transfer function with the address of the contract and this.balance.

That should all make sense if you have been following along but what doesn't make sense is a bit less obvious. Can you guess what that is?

Before reading the next paragraph, think about what's wrong with this function?

So, did you think about it? Did you ask yourself the question, "Why does this function even exist?" This is an immediate red flag within the code, that the contract being used in this banking application might have nefarious purposes by the creators of the contract. At no time should the owner of the contract have the ability to empty the contract of all its funds. Including that of all of the users funds who are holding their Ethereum within their personal accounts on the contract. Often you will see functions like this within less the reputable games which are planning an exit scam as soon as the contract balance reaches a desired threshold.

So, while its good to look for obvious vulnerabilities within code also think about the use case of the code being reviewed and if something looks off it probably is.

The final getBalance function on line 5 is simply a function that returns the balance of the user who calls the function. You will notice that within the function definition it uses the "view" keyword indicating that it is not modifying anything and should not incur fees for processing. It also indicates that it is returning a uint value which it does in line 6. The function returns the msg.sender's balance by querying the balances mapping with the msg.sender key.

Summary

This chapter should round out your knowledge of solidity enough to get started looking at vulnerabilities. We have covered a lot of common coding themes within solidity which may not be seen in other languages. We will be covering a lot of coding patterns along with vulnerable functionality within the following chapters on exploitation. We will walk through each vulnerability and why it's an issue within Solidity and then we will walk through how to attack it with examples of how an attacker would craft requests or additional attacking code to exploit the flaws. For additional information on the code above and a walk through of the functionality in real time, check out the chapters video in the references below.