【智能合约审计】————11、MultiGamesToken

合约地址：https://etherscan.io/address/0x52a5e1a56a124dce84e548ff96122246e46d599f#code

pragma solidity ^0.4.16;// ----------------------------------------------------------------------------------------------// MultiGames Token Contract, version 2.00// Interwave Global// www.iw-global.com// ----------------------------------------------------------------------------------------------contract owned {address public owner;function owned() public {owner = msg.sender;}modifier onlyOwner {require(msg.sender == owner);_;}function transferOwnership(address newOwner) onlyOwner public {owner = newOwner;}
}interface tokenRecipient { function receiveApproval(address _from, uint256 _value, address _token, bytes _extraData) public; }contract TokenERC20 {// Public variables of the tokenstring public name  ;string public symbol  ;uint8 public decimals = 18;// 18 decimals is the strongly suggested default, avoid changing ituint256 public totalSupply ;// This creates an array with all balancesmapping (address => uint256) public balanceOf;mapping (address => mapping (address => uint256)) public allowance;// This generates a public event on the blockchain that will notify clientsevent Transfer(address indexed from, address indexed to, uint256 value);// This notifies clients about the amount burntevent Burn(address indexed from, uint256 value);/*** Constrctor function** Initializes contract with initial supply tokens to the creator of the contract*/function TokenERC20(uint256 initialSupply,string tokenName,string tokenSymbol) public {totalSupply = initialSupply * 10 ** uint256(decimals);  // Update total supply with the decimal amountbalanceOf[msg.sender] = totalSupply;                // Give the creator all initial tokensname = tokenName;                                   // Set the name for display purposessymbol = tokenSymbol;                               // Set the symbol for display purposes}/*** Internal transfer, only can be called by this contract*/function _transfer(address _from, address _to, uint _value) internal {// Prevent transfer to 0x0 address. Use burn() insteadrequire(_to != 0x0);// Check if the sender has enoughrequire(balanceOf[_from] >= _value);// Check for overflowsrequire(balanceOf[_to] + _value > balanceOf[_to]);// Save this for an assertion in the futureuint previousBalances = balanceOf[_from] + balanceOf[_to];// Subtract from the senderbalanceOf[_from] -= _value;// Add the same to the recipientbalanceOf[_to] += _value;Transfer(_from, _to, _value);// Asserts are used to use static analysis to find bugs in your code. They should never failassert(balanceOf[_from] + balanceOf[_to] == previousBalances);}/*** Transfer tokens** Send `_value` tokens to `_to` from your account** @param _to The address of the recipient* @param _value the amount to send*/function transfer(address _to, uint256 _value) public {_transfer(msg.sender, _to, _value);}/*** Transfer tokens from other address** Send `_value` tokens to `_to` in behalf of `_from`** @param _from The address of the sender* @param _to The address of the recipient* @param _value the amount to send*/function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {require(_value <= allowance[_from][msg.sender]);     // Check allowanceallowance[_from][msg.sender] -= _value;_transfer(_from, _to, _value);return true;}/*** Set allowance for other address** Allows `_spender` to spend no more than `_value` tokens in your behalf** @param _spender The address authorized to spend* @param _value the max amount they can spend*/function approve(address _spender, uint256 _value) publicreturns (bool success) {allowance[msg.sender][_spender] = _value;return true;}/*** Set allowance for other address and notify** Allows `_spender` to spend no more than `_value` tokens in your behalf, and then ping the contract about it** @param _spender The address authorized to spend* @param _value the max amount they can spend* @param _extraData some extra information to send to the approved contract*/function approveAndCall(address _spender, uint256 _value, bytes _extraData)publicreturns (bool success) {tokenRecipient spender = tokenRecipient(_spender);if (approve(_spender, _value)) {spender.receiveApproval(msg.sender, _value, this, _extraData);return true;}}/*** Destroy tokens** Remove `_value` tokens from the system irreversibly** @param _value the amount of money to burn*/function burn(uint256 _value) public returns (bool success) {require(balanceOf[msg.sender] >= _value);   // Check if the sender has enoughbalanceOf[msg.sender] -= _value;            // Subtract from the sendertotalSupply -= _value;                      // Updates totalSupplyBurn(msg.sender, _value);return true;}/*** Destroy tokens from other account** Remove `_value` tokens from the system irreversibly on behalf of `_from`.** @param _from the address of the sender* @param _value the amount of money to burn*/function burnFrom(address _from, uint256 _value) public returns (bool success) {require(balanceOf[_from] >= _value);                // Check if the targeted balance is enoughrequire(_value <= allowance[_from][msg.sender]);    // Check allowancebalanceOf[_from] -= _value;                         // Subtract from the targeted balanceallowance[_from][msg.sender] -= _value;             // Subtract from the sender's allowancetotalSupply -= _value;                              // Update totalSupplyBurn(_from, _value);return true;}
}/******************************************/
/*       ADVANCED TOKEN STARTS HERE       */
/******************************************/contract MultiGamesToken is owned, TokenERC20 {uint256 public sellPrice;uint256 public buyPrice;mapping (address => bool) public frozenAccount;/* This generates a public event on the blockchain that will notify clients */event FrozenFunds(address target, bool frozen);/* Initializes contract with initial supply tokens to the creator of the contract */function MultiGamesToken() TokenERC20(10000000, "MultiGames", "MLT") public {}/* Internal transfer, only can be called by this contract */function _transfer(address _from, address _to, uint _value) internal {require (_to != 0x0);                               // Prevent transfer to 0x0 address. Use burn() insteadrequire (balanceOf[_from] > _value);                // Check if the sender has enoughrequire (balanceOf[_to] + _value > balanceOf[_to]); // Check for overflowsrequire(!frozenAccount[_from]);                     // Check if sender is frozenrequire(!frozenAccount[_to]);                       // Check if recipient is frozenbalanceOf[_from] -= _value;                         // Subtract from the senderbalanceOf[_to] += _value;                           // Add the same to the recipientTransfer(_from, _to, _value);}/// @notice Create `mintedAmount` tokens and send it to `target`/// @param target Address to receive the tokens/// @param mintedAmount the amount of tokens it will receive//存在整数溢出，可以导致“任意铸币”function mintToken(address target, uint256 mintedAmount) onlyOwner public {balanceOf[target] += mintedAmount;totalSupply += mintedAmount;Transfer(0, this, mintedAmount);Transfer(this, target, mintedAmount);}/// @notice `freeze? Prevent | Allow` `target` from sending & receiving tokens/// @param target Address to be frozen/// @param freeze either to freeze it or notfunction freezeAccount(address target, bool freeze) onlyOwner public {frozenAccount[target] = freeze;FrozenFunds(target, freeze);}/// @notice Allow users to buy tokens for `newBuyPrice` eth and sell tokens for `newSellPrice` eth/// @param newSellPrice Price the users can sell to the contract/// @param newBuyPrice Price users can buy from the contractfunction setPrices(uint256 newSellPrice, uint256 newBuyPrice) onlyOwner public {sellPrice = newSellPrice;buyPrice = newBuyPrice;}/// @notice Buy tokens from contract by sending etherfunction buy() payable public {uint amount = msg.value / buyPrice;               // calculates the amount_transfer(this, msg.sender, amount);              // makes the transfers}/// @notice Sell `amount` tokens to contract/// @param amount amount of tokens to be sold//存在整数溢出，可以导致"高价低卖"function sell(uint256 amount) public {require(this.balance >= amount * sellPrice);      // checks if the contract has enough ether to buy_transfer(msg.sender, this, amount);              // makes the transfersmsg.sender.transfer(amount * sellPrice);          // sends ether to the seller. It's important to do this last to avoid recursion attacks}
}

【智能合约审计】————11、MultiGamesToken相关推荐

区块链100讲：智能合约审计指南
智能合约代码的审计,目前还不是技术社区内经常会讨论的主题.今年3月6日,发表在博客网站[Schneier on Security]上的一篇博客(原文链接:[https://www.schneier.c ...
【智能合约系列009-如何做智能合约审计？】
研究报告[Finding The Greedy, Prodigal, and Suicidal Contracts at Scale])指出,目前在以太坊中,有89%的智能合约代码都或多或少存在安全漏 ...
智能合约审计之条件竞争
文章前言与大多数区块链一样,以太坊节点汇集交易并将其形成块,一旦矿工解决了共识机制(目前Ethereum的ETHASH PoW),这些交易就被认为是有效的,解决该区块的矿工也会选择来自该矿池的哪些交 ...
区块链安全100问 | 第七篇：智能合约审计流程及审计内容
零时科技--专注于区块链安全领域深圳零时科技有限公司(简称:零时科技),公司成立于2018年11月,是一家专注于区块链生态安全的实战创新型网络安全企业,团队扎根区块链安全与应用技术研究,以丰富的安全 ...
智能合约审计之访问控制
基础知识权限的概念权限是指为了保证职责的有效履行,任职者必须具备的对某事项进行决策的范围和程度.它常常用"具有xxxxxxx的权利"来进行表达,比如:公司的CEO具有否定某项提 ...
智能合约审计之DDOS概述
拒绝服务(DOS) 对智能合约进行DOS攻击的方法有很多种,其根本的目的是使合约在一段时间内或者永久无法正常运行,通过拒绝服务攻击,也可以使合约中的ether永远无法提取出来,下面将会列出几种常见的攻 ...
智能合约审计之权限校验错误
Tx.origin鉴权简单介绍 tx.origin是Solidity的一个全局变量,它遍历整个调用栈并返回最初发送调用(或事务)的帐户的地址,在智能合约中使用此变量进行身份验证可能会使合约受到类似网 ...
【智能合约审计】————16、YiqiniuCrowdsale
合约地址:https://etherscan.io/address/0xaf81fe7b506d07e0a87b6dead5302781520a0e22#code pragma solidity ^0 ...
【智能合约审计】————17、YiqiniuToken
合约地址:https://etherscan.io/address/0xa54ff78ac3fdf232d6eb5d547fbf2a6933d91cd3#code 审计结果: pragma solid ...

【智能合约审计】————11、MultiGamesToken

【智能合约审计】————11、MultiGamesToken相关推荐

最新文章

热门文章