【以太坊开发】BeautyChain (BEC) 溢出漏洞分析

最新推荐文章于 2022-08-31 16:22:27 发布

秋天的春

最新推荐文章于 2022-08-31 16:22:27 发布

阅读量1.4k

点赞数

分类专栏：区块链文章标签： eth漏洞分析

本文链接：https://blog.csdn.net/ffzhihua/article/details/81137233

版权

本文详细分析了2018年4月23日BEC代币因智能合约溢出漏洞遭受黑客攻击的事件。通过研究源码，发现关键问题在于批量转账函数中的乘法操作未使用SafeMath，导致溢出。黑客利用此漏洞进行转账，造成BEC价值急剧下跌。此外，文章还提供了单元测试和修复漏洞的方法，强调在智能合约开发中进行溢出检查的重要性。

摘要由CSDN通过智能技术生成

前言
2018年4月23日中午11点30分左右，BEC代币被Hacker攻击。
Hacker利用数据溢出的漏洞攻击与美图合作的公司美链 BEC 的智能合约，成功地向两个地址转出了天量级别的 BEC 代币，导致市场上海量 BEC 被抛售，该数字货币价值几近归零，给 BEC 市场交易带来了毁灭性打击。
下面我们来分析一下此次受攻击的漏洞，作为前车之鉴。

一、Token地址：

https://etherscan.io/address/0xc5d105e63711398af9bbff092d4b6769c82f793d

二、BEC智能合约源码

我们不需要看完以下所有代码，重点关注第三节要分析的内容。

pragma solidity ^0.4.16;

/**
 * @title SafeMath
 * @dev Math operations with safety checks that throw on error
 */
library SafeMath {
  function mul(uint256 a, uint256 b) internal constant returns (uint256) {
    uint256 c = a * b;
    assert(a == 0 || c / a == b);
    return c;
  }

  function div(uint256 a, uint256 b) internal constant returns (uint256) {
    // assert(b > 0); // Solidity automatically throws when dividing by 0
    uint256 c = a / b;
    // assert(a == b * c + a % b); // There is no case in which this doesn't hold
    return c;
  }

  function sub(uint256 a, uint256 b) internal constant returns (uint256) {
    assert(b <= a);
    return a - b;
  }

  function add(uint256 a, uint256 b) internal constant returns (uint256) {
    uint256 c = a + b;
    assert(c >= a);
    return c;
  }
}

/**
 * @title ERC20Basic
 * @dev Simpler version of ERC20 interface
 * @dev see https://github.com/ethereum/EIPs/issues/179
 */
contract ERC20Basic {
  uint256 public totalSupply;
  function balanceOf(address who) public constant returns (uint256);
  function transfer(address to, uint256 value) public returns (bool);
  event Transfer(address indexed from, address indexed to, uint256 value);
}

/**
 * @title Basic token
 * @dev Basic version of StandardToken, with no allowances.
 */
contract BasicToken is ERC20Basic {
  using SafeMath for uint256;

  mapping(address => uint256) balances;

  /**
  * @dev transfer token for a specified address
  * @param _to The address to transfer to.
  * @param _value The amount to be transferred.
  */
  function transfer(address _to, uint256 _value) public returns (bool) {
    require(_to != address(0));
    require(_value > 0 && _value <= balances[msg.sender]);

    // SafeMath.sub will throw if there is not enough balance.
    balances[msg.sender] = balances[msg.sender].sub(_value);
    balances[_to] = balances[_to].add(_value);
    Transfer(msg.sender, _to, _value);
    return true;
  }

  /**
  * @dev Gets the balance of the specified address.
  * @param _owner The address to query the the balance of.
  * @return An uint256 representing the amount owned by the passed address.
  */
  function balanceOf(address _owner) public constant returns (uint256 balance) {
    return balances[_owner];
  }
}

/**
 * @title ERC20 interface
 * @dev see http