/**
Slither可以找出victimMethod为可重入
**/
pragma solidity ^0.4.22;
contract Father {
A a;
address owner;
constructor() {
owner = msg.sender;
}
modifier onlyOwner {
require(msg.sender == owner);
_;
}
}
contract Victim is Father{
address destAddress;
uint amount = 11;
function setAddress(address _dest) {
destAddress = _dest;
a = A(_dest); // 注意这里不是 a = new A()
}
function victimMethod() onlyOwner { //这里如果去掉onlyOwner就是真正的reentrancy了依 然会被slither报告出来
if(amount > 10){ //这里这个amount属于全集变量的读,slither现在可以不要这个条件
method_1();
method_2();
amount = amount-1; //这里属于全局变量的写,slither必须要这个条件才会报告。
}
}
function victimMethod_2() { //这个函数比victimMethod()更有可能有可重入风险,因为它的回调链更短!
if(amount > 10){ //这里这个amount属于全集变量的读,slither现在可以不要这个条件
method_1();
method_3();
amount = amount-1; //这里属于全局变量的写,slither必须要这个条件才会报告。
}
}
function method_1() private{
destAddress.transfer(amount); //若去掉这句话slither 的另个detector--- reentrancy-no-eth会报告
}
function method_2(){
method_3();
}
function method_3(){
a.good();
}
}
contract A {
function good(){
//
}
}
contract B is A {
address victim_address = 0x74758acfce059f503a7e6b0fc2c8737600f9f2c4; //假设我们搜索到Victim合约地址
uint count = 0; // 设定重入次数
Victim victim = Victim(victim_address);
function prepare(){
victim.set(this);
}
function good(){
count++;
if(count<10) { //重入9次
victim.victimMethod();
}
}
function() payable{
}
}
// 0.6.4 slither输出:
// Reentrancy in Victim.victimMethod() (constructcallLinkExampleSet.sol#25-31):
// External calls:
// - method_2() (constructcallLinkExampleSet.sol#28)
// External calls sending eth:
// - method_1() (constructcallLinkExampleSet.sol#27)
// State variables written after the call(s):
// - amount (constructcallLinkExampleSet.sol#29)
// Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities
// 0.4.0 slither输出:
// INFO:Slither:========mml========constructcallLinkExampleSet.sol
// INFO:Slither:constructcallLinkExampleSet.sol analyzed (4 contracts), 0 result(s) found
// INFO:Slither:========mml========
扫一扫
3389
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
