CTF导航 CTF导航

智能合约审计-条件竞争

区块链安全 2年前 (2022) admin
413 0 0

描叙:程序在运行过程中,因为多个事件的次序异常而造成对同一系统资源的竞争访问,可能导致程序运行出错。

核心问题:检查是否存在多个并发执行的事件、多个事件需要共享访问相同的对象、某些需要对共享对象进行写操作。

一些概念

满足“条件竞争”的发生条件

  • 并发访问:对同一个合约发起的调用的交易可以被“并发”的发生,虽然这些交易会被放进交易池线性执行,但是这些交易的执行顺序并不能得到保证。
  • 共享对象:对于一个合约来说,合约的Storage变量就是所有合约函数调用中都能访问的共享对象
  • 写操作:对Storage变量的更新,就是对共享对象的写操作

智能合约的特点

  • 矿工在交易打包前(智能合约真正执行前)看到函数调用参数并预测结果,可以选择对该笔交易是否打包及调准打包顺序
  • 正常情况下矿工打包的顺序是按照gas price从大到小顺序,普通用户可以利用这一点来提升交易的优先级

漏洞危害

  • 如果特定的交易顺序导致合约执行结果对矿工有利,矿工可能选择对自己有利的打包顺序,而不会带来任何的后果
  • 如果某个重要而秘密的值通过合约的参数传递,矿工可能发起中间人攻击
  • 普通用户可以通过提高gas price的方式,尽可能尝试改变交易顺序,发起竞争条件

漏洞合约分析

pragma solidity ^0.4.24;

library SafeMath {
    function add(uint a, uint b) internal pure returns (uint c) {
        c = a + b;
        require(c >= a);
    }
    function sub(uint a, uint b) internal pure returns (uint c) {
        require(b <= a);
        c = a - b;
    }
    function mul(uint a, uint b) internal pure returns (uint c) {
        c = a * b;
        require(a == 0 || c / a == b);
    }
    function div(uint a, uint b) internal pure returns (uint c) {
        require(b > 0);
        c = a / b;
    }
}


contract ERC20Interface {
    function totalSupply() public constant returns (uint);
    function balanceOf(address tokenOwner) public constant returns (uint balance);
    function allowance(address tokenOwner, address spender) public constant returns (uint remaining);
    function transfer(address to, uint tokens) public returns (bool success);
    function approve(address spender, uint tokens) public returns (bool success);
    function transferFrom(address from, address to, uint tokens) public returns (bool success);

    event Transfer(address indexed from, address indexed to, uint tokens);
    event Approval(address indexed tokenOwner, address indexed spender, uint tokens);
}


contract ApproveAndCallFallBack {
    function receiveApproval(address from, uint256 tokens, address token, bytes data) public;
}


contract Owned {
    address public owner;
    address public newOwner;

    event OwnershipTransferred(address indexed _from, address indexed _to);

    constructor() public {
        owner = msg.sender;
    }

    modifier onlyOwner {
        require(msg.sender == owner);
        _;
    }

    function transferOwnership(address _newOwner) public onlyOwner {
        newOwner = _newOwner;
    }
    function acceptOwnership() public {
        require(msg.sender == newOwner);
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
        newOwner = address(0);
    }
}

contract FixedSupplyToken is ERC20Interface, Owned {
    using SafeMath for uint;

    string public symbol;
    string public  name;
    uint8 public decimals;
    uint _totalSupply;

    mapping(address => uint) balances;
    mapping(address => mapping(address => uint)) allowed;

    constructor() public {
        symbol = "FIXED";
        name = "Example Fixed Supply Token";
        decimals = 18;
        _totalSupply = 1000000 * 10**uint(decimals);
        balances[owner] = _totalSupply;
        emit Transfer(address(0), owner, _totalSupply);
    }

    function totalSupply() public view returns (uint) {
        return _totalSupply.sub(balances[address(0)]);
    }


    function balanceOf(address tokenOwner) public view returns (uint balance) {
        return balances[tokenOwner];
    }


    function transfer(address to, uint tokens) public returns (bool success) {
        balances[msg.sender] = balances[msg.sender].sub(tokens);
        balances[to] = balances[to].add(tokens);
        emit Transfer(msg.sender, to, tokens);
        return true;
    }


    function approve(address spender, uint tokens) public returns (bool success) {
        allowed[msg.sender][spender] = tokens;
        emit Approval(msg.sender, spender, tokens);
        return true;
    }

    function transferFrom(address from, address to, uint tokens) public returns (bool success) {
        balances[from] = balances[from].sub(tokens);
        allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);
        balances[to] = balances[to].add(tokens);
        emit Transfer(from, to, tokens);
        return true;
    }

    function allowance(address tokenOwner, address spender) public view returns (uint remaining) {
        return allowed[tokenOwner][spender];
    }


    function approveAndCall(address spender, uint tokens, bytes data) public returns (bool success) {
        allowed[msg.sender][spender] = tokens;
        emit Approval(msg.sender, spender, tokens);
        ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, this, data);
        return true;
    }

    function () public payable {
        revert();
    }

    function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {
        return ERC20Interface(tokenAddress).transfer(owner, tokens);
    }
}

漏洞点:approve(address spender, uint tokens) 函数在用于授权用户转账额度,在owner修改用户的转账额度的时候,当该操作被用户监听到的时候,可以增大gas price提前转走这比额度

漏洞预防

  • 对于提高gas price的行为:在合约中设置最高的gas price限制,防止用户通过提高gas price来操纵交易顺序

 

 

原文始发于毕竟话少:智能合约审计-条件竞争

版权声明:admin 发表于 2022年10月20日 上午9:29。
转载请注明:智能合约审计-条件竞争 | CTF导航

相关文章

慢雾:NFT 项目 verb 钓鱼网站分析
admin
479
零时科技 || 10月各类安全事件造成的损失约4815.8万美元,Rug Pull事件有所增加
admin
26
零时科技 | FEGtoken遭受攻击,损失超130万美元事件分析
admin
458
Cobo安全团队——Kaoyaswap 被黑分析
admin
579
零时科技 || BSC链上Biswap被攻击,攻击者获利约71万美元事件分析
admin
282
通向自由的 “黑洞” — WormHole 被黑分析
admin
518

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

零时科技 || SATX攻击事件分析
0
CTF选手效率利器:使用Phalcon Fork来学习Ethernaut CTF 2024
0
当加密小白遇上「最强」缝合骗术
0
AssangeDAO 资金转移引发疑问 —— 高调募捐背后潜在的 Rug Pull
0
每月动态 | Web3 安全事件总损失约 1.39 亿美元
0
peth v1.0.5 正式发布
0
签名重放
0
复盘|MOBOX 被黑分析
0
复盘|IT 代币被黑分析
0
OpenZeppelin CTF 2024 Writeup
0