【智能合约审计】————23、EthLendToken
2024-05-09 12:40:26
合约地址:https://etherscan.io/address/0x80fB784B7eD66730e8b1DBd9820aFD29931aab03#code
pragma solidity ^0.4.16;contract SafeMath {function safeMul(uint a, uint b) internal returns (uint) {uint c = a * b;assert(a == 0 || c / a == b);return c;}function safeSub(uint a, uint b) internal returns (uint) {assert(b <= a);return a - b;}function safeAdd(uint a, uint b) internal returns (uint) {uint c = a + b;assert(c>=a && c>=b);return c;}
}// Standard token interface (ERC 20)
// https://github.com/ethereum/EIPs/issues/20
contract Token is SafeMath {// Functions:/// @return total amount of tokensfunction totalSupply() constant returns (uint256 supply);/// @param _owner The address from which the balance will be retrieved/// @return The balancefunction balanceOf(address _owner) constant returns (uint256 balance);/// @notice send `_value` token to `_to` from `msg.sender`/// @param _to The address of the recipient/// @param _value The amount of token to be transferredfunction transfer(address _to, uint256 _value) returns(bool);/// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from`/// @param _from The address of the sender/// @param _to The address of the recipient/// @param _value The amount of token to be transferred/// @return Whether the transfer was successful or notfunction transferFrom(address _from, address _to, uint256 _value) returns(bool);/// @notice `msg.sender` approves `_addr` to spend `_value` tokens/// @param _spender The address of the account able to transfer the tokens/// @param _value The amount of wei to be approved for transfer/// @return Whether the approval was successful or notfunction approve(address _spender, uint256 _value) returns (bool success);/// @param _owner The address of the account owning tokens/// @param _spender The address of the account able to transfer the tokens/// @return Amount of remaining tokens allowed to spentfunction allowance(address _owner, address _spender) constant returns (uint256 remaining);// Events:event Transfer(address indexed _from, address indexed _to, uint256 _value);event Approval(address indexed _owner, address indexed _spender, uint256 _value);
}contract StdToken is Token {// Fields:mapping(address => uint256) balances;mapping (address => mapping (address => uint256)) allowed;uint public supply = 0;// Functions:function transfer(address _to, uint256 _value) returns(bool) {require(balances[msg.sender] >= _value);require(balances[_to] + _value > balances[_to]);balances[msg.sender] = safeSub(balances[msg.sender],_value);balances[_to] = safeAdd(balances[_to],_value);Transfer(msg.sender, _to, _value);return true;}function transferFrom(address _from, address _to, uint256 _value) returns(bool){require(balances[_from] >= _value);require(allowed[_from][msg.sender] >= _value);require(balances[_to] + _value > balances[_to]);balances[_to] = safeAdd(balances[_to],_value);balances[_from] = safeSub(balances[_from],_value);allowed[_from][msg.sender] = safeSub(allowed[_from][msg.sender],_value);Transfer(_from, _to, _value);return true;}function totalSupply() constant returns (uint256) {return supply;}function balanceOf(address _owner) constant returns (uint256) {return balances[_owner];}function approve(address _spender, uint256 _value) returns (bool) {// To change the approve amount you first have to reduce the addresses`// allowance to zero by calling `approve(_spender, 0)` if it is not// already 0 to mitigate the race condition described here:// https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729require((_value == 0) || (allowed[msg.sender][_spender] == 0));allowed[msg.sender][_spender] = _value;Approval(msg.sender, _spender, _value);return true;}function allowance(address _owner, address _spender) constant returns (uint256) {return allowed[_owner][_spender];}
}contract EthLendToken is StdToken
{
/// Fields:string public constant name = "EthLend Token";string public constant symbol = "LEND";uint public constant decimals = 18;// this includes DEVELOPERS_BONUSuint public constant TOTAL_SUPPLY = 1300000000 * (1 ether / 1 wei);uint public constant DEVELOPERS_BONUS = 300000000 * (1 ether / 1 wei);uint public constant PRESALE_PRICE = 30000; // per 1 Etheruint public constant PRESALE_MAX_ETH = 2000;// 60 mln tokens sold during presaleuint public constant PRESALE_TOKEN_SUPPLY_LIMIT = PRESALE_PRICE * PRESALE_MAX_ETH * (1 ether / 1 wei);uint public constant ICO_PRICE1 = 27500; // per 1 Etheruint public constant ICO_PRICE2 = 26250; // per 1 Etheruint public constant ICO_PRICE3 = 25000; // per 1 Ether// 1bln - this includes presale tokensuint public constant TOTAL_SOLD_TOKEN_SUPPLY_LIMIT = 1000000000* (1 ether / 1 wei);enum State{Init,Paused,PresaleRunning,PresaleFinished,ICORunning,ICOFinished}State public currentState = State.Init;bool public enableTransfers = false;address public teamTokenBonus = 0;// Gathered funds can be withdrawn only to escrow's address.address public escrow = 0;// Token manager has exclusive priveleges to call administrative// functions on this contract.address public tokenManager = 0;uint public presaleSoldTokens = 0;uint public icoSoldTokens = 0;uint public totalSoldTokens = 0;/// Modifiers:modifier onlyTokenManager(){require(msg.sender==tokenManager); _; }modifier onlyInState(State state){require(state==currentState); _; }/// Events:event LogBuy(address indexed owner, uint value);event LogBurn(address indexed owner, uint value);/// Functions:/// @dev Constructor/// @param _tokenManager Token manager address.function EthLendToken(address _tokenManager, address _escrow, address _teamTokenBonus) {tokenManager = _tokenManager;teamTokenBonus = _teamTokenBonus;escrow = _escrow;// send team bonus immediatelyuint teamBonus = DEVELOPERS_BONUS;balances[_teamTokenBonus] += teamBonus;supply+= teamBonus;assert(PRESALE_TOKEN_SUPPLY_LIMIT==60000000 * (1 ether / 1 wei));assert(TOTAL_SOLD_TOKEN_SUPPLY_LIMIT==1000000000 * (1 ether / 1 wei));}function buyTokens() public payable{require(currentState==State.PresaleRunning || currentState==State.ICORunning);if(currentState==State.PresaleRunning){return buyTokensPresale();}else{return buyTokensICO();}}function buyTokensPresale() public payable onlyInState(State.PresaleRunning){// min - 1 ETHrequire(msg.value >= (1 ether / 1 wei));uint newTokens = msg.value * PRESALE_PRICE;require(presaleSoldTokens + newTokens <= PRESALE_TOKEN_SUPPLY_LIMIT);balances[msg.sender] += newTokens;supply+= newTokens;presaleSoldTokens+= newTokens;totalSoldTokens+= newTokens;LogBuy(msg.sender, newTokens);}function buyTokensICO() public payable onlyInState(State.ICORunning){// min - 0.01 ETHrequire(msg.value >= ((1 ether / 1 wei) / 100));uint newTokens = msg.value * getPrice();require(totalSoldTokens + newTokens <= TOTAL_SOLD_TOKEN_SUPPLY_LIMIT);balances[msg.sender] += newTokens;supply+= newTokens;icoSoldTokens+= newTokens;totalSoldTokens+= newTokens;LogBuy(msg.sender, newTokens);}function getPrice()constant returns(uint){if(currentState==State.ICORunning){if(icoSoldTokens<(200000000 * (1 ether / 1 wei))){return ICO_PRICE1;}if(icoSoldTokens<(300000000 * (1 ether / 1 wei))){return ICO_PRICE2;}return ICO_PRICE3;}else{return PRESALE_PRICE;}}function setState(State _nextState) public onlyTokenManager{//setState() method call shouldn't be entertained after ICOFinishedrequire(currentState != State.ICOFinished);currentState = _nextState;// enable/disable transfers//enable transfers only after ICOFinished, disable otherwiseenableTransfers = (currentState==State.ICOFinished);}function withdrawEther() public onlyTokenManager{if(this.balance > 0) {require(escrow.send(this.balance));}}/// Overrides:function transfer(address _to, uint256 _value) returns(bool){require(enableTransfers);return super.transfer(_to,_value);}function transferFrom(address _from, address _to, uint256 _value) returns(bool){require(enableTransfers);return super.transferFrom(_from,_to,_value);}function approve(address _spender, uint256 _value) returns (bool) {require(enableTransfers);return super.approve(_spender,_value);}/// Setters/gettersfunction setTokenManager(address _mgr) public onlyTokenManager{tokenManager = _mgr;}// Default fallback functionfunction() payable {buyTokens();}
}问题:
概述:买家如果拥有足够多的ETH,可以通过发送大量token制造溢出,从而绕过ICO发币上限,达到超额购币。
漏洞攻击效果:调用者绕过合约中规定ICO的token容量上限,获得了超额购币;
漏洞原理:一个极大的_newTokens可以使得算数加法运算totalSoldTokens + newTokens发生整数溢出,变为一个极小值,从而绕过L236的检测。
【智能合约审计】————23、EthLendToken相关推荐
- 区块链100讲:智能合约审计指南
智能合约代码的审计,目前还不是技术社区内经常会讨论的主题.今年3月6日,发表在博客网站[Schneier on Security]上的一篇博客(原文链接:[https://www.schneier.c ...
- 智能合约审计之条件竞争
文章前言 与大多数区块链一样,以太坊节点汇集交易并将其形成块,一旦矿工解决了共识机制(目前Ethereum的ETHASH PoW),这些交易就被认为是有效的,解决该区块的矿工也会选择来自该矿池的哪些交 ...
- 【智能合约系列009-如何做智能合约审计?】
研究报告[Finding The Greedy, Prodigal, and Suicidal Contracts at Scale])指出,目前在以太坊中,有89%的智能合约代码都或多或少存在安全漏 ...
- 区块链安全100问 | 第七篇:智能合约审计流程及审计内容
零时科技--专注于区块链安全领域 深圳零时科技有限公司(简称:零时科技),公司成立于2018年11月,是一家专注于区块链生态安全的实战创新型网络安全企业,团队扎根区块链安全与应用技术研究,以丰富的安全 ...
- 智能合约审计之访问控制
基础知识 权限的概念 权限是指为了保证职责的有效履行,任职者必须具备的对某事项进行决策的范围和程度.它常常用"具有xxxxxxx的权利"来进行表达,比如:公司的CEO具有否定某项提 ...
- 智能合约审计之DDOS概述
拒绝服务(DOS) 对智能合约进行DOS攻击的方法有很多种,其根本的目的是使合约在一段时间内或者永久无法正常运行,通过拒绝服务攻击,也可以使合约中的ether永远无法提取出来,下面将会列出几种常见的攻 ...
- 智能合约审计之权限校验错误
Tx.origin鉴权 简单介绍 tx.origin是Solidity的一个全局变量,它遍历整个调用栈并返回最初发送调用(或事务)的帐户的地址,在智能合约中使用此变量进行身份验证可能会使合约受到类似网 ...
- 智能合约审计之evilReflex攻击
文章前言 在这篇文章中,我们对曾经出现过的一种叫做evilReflex的安全漏洞进行分析研究,攻击者可以通过该漏洞将存在evilReflex漏洞的合约中的任意数量的token转移到任意地址. 漏洞分析 ...
- 【智能合约审计】————11、MultiGamesToken
合约地址:https://etherscan.io/address/0x52a5e1a56a124dce84e548ff96122246e46d599f#code pragma solidity ^0 ...
最新文章
- 2021年AI关键趋势,AI芯片初创公司可能发生并购
- springboot整合postgresql_SpringBoot+JPA+PostgreSQL整合问题
- php arraymap()函数
- 多校1010 Taotao Picks Apples
- php 任意字符串_php 生成任意长度字符串的类(只含有数字 只含有字母 混合数字和字母)...
- java 双重检查锁定_Java双重检查锁定
- CentOS6.6部署VNC服务端
- Linux下更改Python的软链接
- jsp连接MYSQL数据库教程(文字+图)
- 封电脑机器码怎么解决_游戏封号解决方法之修改机器码 如何修改机器码
- Linux显示2015年日历表
- Open JDK patched with font fix
- 软件是用计算机解决问题的过程,1.1 计算机解决问题的过程
- 路由器dns被劫持怎么办 路由器DNS被劫持解决方法
- openinstall的价值就是帮助App开发者成功
- 作为一个程序员: 这么奇葩搞笑的代码注释你见过吗?
- 信息技术外包:中小企业信息化之道
- fwrite函数与fflush函数
- js word 预览_Node.js微服务实践(二)
- 零基础如何开始学编程