安全问题
在这里我们要对上面的SushiSwap合约中的两个安全问题进行简要分析:
条件竞争
漏洞函数:emergencyWithdraw
漏洞代码:
// Withdraw without caring about rewards. EMERGENCY ONLY.
function emergencyWithdraw(uint256 _pid) public {
PoolInfo storage pool = poolInfo[_pid];
UserInfo storage user = userInfo[_pid][msg.sender];
pool.lpToken.safeTransfer(address(msg.sender), user.amount);
emit EmergencyWithdraw(msg.sender, _pid, user.amount);
user.amount = 0;
user.rewardDebt = 0;
}
漏洞描述:如上面的代码所述,这里的emergencyWithdraw函数用于紧急提款,但是资产的更新位于转账之后,导致存在条件竞争关系。
解决方案:正确的写法理应如下
function emer