CTF导航 CTF导航

智能合约审计-条件竞争

区块链安全 2年前 (2022) admin
437 0 0

描叙:程序在运行过程中,因为多个事件的次序异常而造成对同一系统资源的竞争访问,可能导致程序运行出错。

核心问题:检查是否存在多个并发执行的事件、多个事件需要共享访问相同的对象、某些需要对共享对象进行写操作。

一些概念

满足“条件竞争”的发生条件

  • 并发访问:对同一个合约发起的调用的交易可以被“并发”的发生,虽然这些交易会被放进交易池线性执行,但是这些交易的执行顺序并不能得到保证。
  • 共享对象:对于一个合约来说,合约的Storage变量就是所有合约函数调用中都能访问的共享对象
  • 写操作:对Storage变量的更新,就是对共享对象的写操作

智能合约的特点

  • 矿工在交易打包前(智能合约真正执行前)看到函数调用参数并预测结果,可以选择对该笔交易是否打包及调准打包顺序
  • 正常情况下矿工打包的顺序是按照gas price从大到小顺序,普通用户可以利用这一点来提升交易的优先级

漏洞危害

  • 如果特定的交易顺序导致合约执行结果对矿工有利,矿工可能选择对自己有利的打包顺序,而不会带来任何的后果
  • 如果某个重要而秘密的值通过合约的参数传递,矿工可能发起中间人攻击
  • 普通用户可以通过提高gas price的方式,尽可能尝试改变交易顺序,发起竞争条件

漏洞合约分析

pragma solidity ^0.4.24;

library SafeMath {
    function add(uint a, uint b) internal pure returns (uint c) {
        c = a + b;
        require(c >= a);
    }
    function sub(uint a, uint b) internal pure returns (uint c) {
        require(b <= a);
        c = a - b;
    }
    function mul(uint a, uint b) internal pure returns (uint c) {
        c = a * b;
        require(a == 0 || c / a == b);
    }
    function div(uint a, uint b) internal pure returns (uint c) {
        require(b > 0);
        c = a / b;
    }
}


contract ERC20Interface {
    function totalSupply() public constant returns (uint);
    function balanceOf(address tokenOwner) public constant returns (uint balance);
    function allowance(address tokenOwner, address spender) public constant returns (uint remaining);
    function transfer(address to, uint tokens) public returns (bool success);
    function approve(address spender, uint tokens) public returns (bool success);
    function transferFrom(address from, address to, uint tokens) public returns (bool success);

    event Transfer(address indexed from, address indexed to, uint tokens);
    event Approval(address indexed tokenOwner, address indexed spender, uint tokens);
}


contract ApproveAndCallFallBack {
    function receiveApproval(address from, uint256 tokens, address token, bytes data) public;
}


contract Owned {
    address public owner;
    address public newOwner;

    event OwnershipTransferred(address indexed _from, address indexed _to);

    constructor() public {
        owner = msg.sender;
    }

    modifier onlyOwner {
        require(msg.sender == owner);
        _;
    }

    function transferOwnership(address _newOwner) public onlyOwner {
        newOwner = _newOwner;
    }
    function acceptOwnership() public {
        require(msg.sender == newOwner);
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
        newOwner = address(0);
    }
}

contract FixedSupplyToken is ERC20Interface, Owned {
    using SafeMath for uint;

    string public symbol;
    string public  name;
    uint8 public decimals;
    uint _totalSupply;

    mapping(address => uint) balances;
    mapping(address => mapping(address => uint)) allowed;

    constructor() public {
        symbol = "FIXED";
        name = "Example Fixed Supply Token";
        decimals = 18;
        _totalSupply = 1000000 * 10**uint(decimals);
        balances[owner] = _totalSupply;
        emit Transfer(address(0), owner, _totalSupply);
    }

    function totalSupply() public view returns (uint) {
        return _totalSupply.sub(balances[address(0)]);
    }


    function balanceOf(address tokenOwner) public view returns (uint balance) {
        return balances[tokenOwner];
    }


    function transfer(address to, uint tokens) public returns (bool success) {
        balances[msg.sender] = balances[msg.sender].sub(tokens);
        balances[to] = balances[to].add(tokens);
        emit Transfer(msg.sender, to, tokens);
        return true;
    }


    function approve(address spender, uint tokens) public returns (bool success) {
        allowed[msg.sender][spender] = tokens;
        emit Approval(msg.sender, spender, tokens);
        return true;
    }

    function transferFrom(address from, address to, uint tokens) public returns (bool success) {
        balances[from] = balances[from].sub(tokens);
        allowed[from][msg.sender] = allowed[from][msg.sender].sub(tokens);
        balances[to] = balances[to].add(tokens);
        emit Transfer(from, to, tokens);
        return true;
    }

    function allowance(address tokenOwner, address spender) public view returns (uint remaining) {
        return allowed[tokenOwner][spender];
    }


    function approveAndCall(address spender, uint tokens, bytes data) public returns (bool success) {
        allowed[msg.sender][spender] = tokens;
        emit Approval(msg.sender, spender, tokens);
        ApproveAndCallFallBack(spender).receiveApproval(msg.sender, tokens, this, data);
        return true;
    }

    function () public payable {
        revert();
    }

    function transferAnyERC20Token(address tokenAddress, uint tokens) public onlyOwner returns (bool success) {
        return ERC20Interface(tokenAddress).transfer(owner, tokens);
    }
}

漏洞点:approve(address spender, uint tokens) 函数在用于授权用户转账额度,在owner修改用户的转账额度的时候,当该操作被用户监听到的时候,可以增大gas price提前转走这比额度

漏洞预防

  • 对于提高gas price的行为:在合约中设置最高的gas price限制,防止用户通过提高gas price来操纵交易顺序

 

 

原文始发于毕竟话少:智能合约审计-条件竞争

版权声明:admin 发表于 2022年10月20日 上午9:29。
转载请注明:智能合约审计-条件竞争 | CTF导航

相关文章

!!紧急自查!!OpenZeppelin 任意地址欺骗攻击分析
admin
56
零时科技 || Uniswap v3出现漏洞?No,新型钓鱼来袭!
admin
527
区块链篇-Balsn CTF 2019 – Bank
admin
885
慢雾:“揭开” 数千万美金大盗团伙 Monkey Drainer 的神秘面纱
admin
276
(十)Fuzzing 基础
admin
123
警惕隐蔽的 Rug Pull,合约存储引起的跑路盘
admin
179

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

非法资金流动案例分析:$55M DAI 钓鱼事件
0
SDC2024 议题回顾 | 从硬件钱包到TrustZone:Web3密钥托管的安全挑战与解决方案
0
非法资金流动案例分析:Li.Fi Attack
0
零时科技 || Ramses 攻击事件分析
0
如何绕过数字钱包的安全支付机制 —— Usenix Security 24 论文导览
0
门罗币隐私保护之环签名
0
零时科技 || Radiant Capital 攻击事件分析
0
慢雾:Compound Finance V2 安全审计手册
0
新瓶装旧酒|套利 MEV 机器人骗局
0
慢雾:貔貅盘防范指南
0