智能合约审计-条件竞争
2020年4月28日 星期二, 发表于 合肥
如果你对本文有任何的建议或者疑问, 可以在 这里给我提 Issues, 谢谢! :)
描叙:程序在运行过程中,因为多个事件的次序异常而造成对同一系统资源的竞争访问,可能导致程序运行出错。
核心问题:检查是否存在多个并发执行的事件、多个事件需要共享访问相同的对象、某些需要对共享对象进行写操作。
一些概念
满足“条件竞争”的发生条件
-
并发访问:对同一个合约发起的调用的交易可以被“并发”的发生,虽然这些交易会被放进交易池线性执行,但是这些交易的执行顺序并不能得到保证。
-
共享对象:对于一个合约来说,合约的Storage变量就是所有合约函数调用中都能访问的共享对象
-
写操作:对Storage变量的更新,就是对共享对象的写操作
智能合约的特点
-
矿工在交易打包前(智能合约真正执行前)看到函数调用参数并预测结果,可以选择对该笔交易是否打包及调准打包顺序
-
正常情况下矿工打包的顺序是按照gas price从大到小顺序,普通用户可以利用这一点来提升交易的优先级
漏洞危害
-
如果特定的交易顺序导致合约执行结果对矿工有利,矿工可能选择对自己有利的打包顺序,而不会带来任何的后果
-
如果某个重要而秘密的值通过合约的参数传递,矿工可能发起中间人攻击
-
普通用户可以通过提高gas price的方式,尽可能尝试改变交易顺序,发起竞争条件
漏洞合约分析
pragma solidity ^0.4.24;
library SafeMath {
function add(uint a, uint b) internal pure returns (uint c) {
c = a + b;
require(c >= a);
}
function sub(uint a, uint b) internal pure returns (uint c) {
require(b <= a);
c = a - b;
}
function mul(uint a, uint b) internal pure returns (uint c) {
c = a * b;
require(a == 0 || c / a == b);
}
function div(uint a, uint b) internal pure returns (uint c) {
require(b > 0);
c = a / b;
}
}
contract ERC20Interface {
function totalSupply() public constant returns (uint);
function balanceOf(address tokenOwner) public constant returns (uint balance);
function allowance(address tokenOwner, address spender) public constant returns (uint remaining);
function transfer(address to, uint tokens) public returns (bool success);
function approve(address spender, uint tokens) public returns (bool success);
function transferFrom(address from, address to, uint tokens) public returns (bool success);
event Transfer(address indexed from, address indexed to, uint tokens);
event Approval(address indexed tokenOwner, address indexed spender, uint tokens);
}
contract ApproveAndCallFallBack {
function receiveApproval(address from, uint256 tokens, address token, bytes data) public;
}
contract Owned {
address public owner;
address public newOwner;
event OwnershipTransferred(address indexed _from, address indexed _to);
constructor() public {
owner = msg.sender;
}
modifier onlyOwner {
require(msg.sender == owner);
_;
}
function transferOwnership(address _newOwner) public onlyOwner {
newOwner = _newOwner;
}
function acceptOwnership() public {
require(msg.sender == newOwner);
emit OwnershipTransferred(owner, newOwner);
owner = newOwner;
newOwner = address(0);
}
}
contract FixedSupplyToken is ERC20Interface, Owned {
using SafeMath for uint;
string public symbol;
string public name;
uint8 public decimals;
uint _totalSupply;
mapping(address => uint) balances;
mapping(address => mapping(address => uint)) allowed;
constructor() public {
symbol = "FIXED";
name = "Example Fixed Supply Token";
decimals = 18;
_totalSupply = 1000000 * 10**uint(decimals);
balances[owner] = _totalSupply;
emit Transfer(address(0), owner, _totalSupply);
}
function totalSupply() public view returns (uint) {
return _totalSupply.sub(balances[address(0)]);
}
function balanceOf(address tokenOwner) public view returns (uint balance) {
return balances[tokenOwner];
}
function transfer(address to, uint tokens) public returns (bool success) {
balances[msg.sender] = balances[msg.sender].sub(tokens);
balances[to] = balances[to].add(tokens);
emit Transfer(msg.sender, to, tokens);
return true;
}
function approve(address spender, uint tokens) public returns (bool success) {
allowed[msg.sender][spender] = tokens;
emit Approval(msg.sender, spender, tokens);
return true;
}
function transferFrom(address from, address to, uint tokens) public returns (bool success) {
balances[from] = balances[from].sub(tokens);
allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);
balances[to] = balances[to].add(tokens);
emit Transfer(from, to, tokens);
return true;
}
function allowance(address tokenOwner, address spender) public view returns (uint remaining) {
return allowed[tokenOwner][spender];
}
function approveAndCall(address spender, uint tokens, bytes data) public returns (bool success) {
allowed[msg.sender][spender] = tokens;
emit Approval(msg.sender, spender, tokens);
ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, this, data);
return true;
}
function () public payable {
revert();
}
function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {
return ERC20Interface(tokenAddress).transfer(owner, tokens);
}
}
漏洞点:approve(address spender, uint tokens) 函数在用于授权用户转账额度,在owner修改用户的转账额度的时候,当该操作被用户监听到的时候,可以增大gas price提前转走这比额度
漏洞预防
- 对于提高gas price的行为:在合约中设置最高的gas price限制,防止用户通过提高gas price来操纵交易顺序