Analysis on the recharge "f

2018-10-15  This article has reached 37 readers  荆凯_EOS42

by: SlowMist Security Team

1. The mechanism of the vulnerability

In an EOS smart contract, one contract can notify another contract via the function require_recipient. This design gives contract developers great convenience, but at the same time it brings a new problem.

Let's take the EOSBet DApp being attacked as an example:

image

2. Replay the vulnerability

1. Create a normal account for the attacker: aaaaaa

2. Create a contract account for the attacker: cccccc, and deploy the smart contract used for the attack

image

3. Target account of the attack: eosbetdice11

We modify the official open source code by adding print statements to watch the call process:

image

4. Start the attack

Transfer from the attacker's normal account aaaaaa to the malicious contract account cccccc:

image

From the message in the console, we can see that the transfer function of eosbetdice11 is successfully invoked:

image

3. Repair plan

Add a check ensuring that the to field of the transfer action equals _self, in order to avoid this specific problem: a transfer notification forwarded by another contract carries a to that is not the receiving contract. If you have any questions, please contact us for help.

image
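The following is an added example, not SlowMist's or EOSBet's code: a minimal stand-in for the EOSIO notification model in plain C++ (no eosio headers), showing why a transfer handler that only checks the originating contract accepts a forwarded notification, and how the to == _self check from the repair plan rejects it. The account names, struct layouts and handler names are constructed for illustration.

```cpp
#include <string>

// Constructed model of an eosio.token transfer action's data.
struct Transfer {
    std::string from, to, quantity, memo;
};

// What a contract sees in apply(): `receiver` is the account whose code is
// running (_self), `code` is the contract that originally authored the action.
struct Context {
    std::string receiver;
    std::string code;
};

// Vulnerable check: only verifies the action was authored by eosio.token.
// A notification forwarded by cccccc via require_recipient still has
// code == eosio.token, so it is credited even though `to` is cccccc.
bool acceptDepositVulnerable(const Context& ctx, const Transfer& t) {
    (void)t;  // `to` is never inspected, which is the defect
    return ctx.code == "eosio.token";
}

// Hardened check from the repair plan: additionally require to == _self.
bool acceptDepositFixed(const Context& ctx, const Transfer& t) {
    if (ctx.code != "eosio.token") return false;
    if (t.to != ctx.receiver) return false;  // forwarded notification: reject
    return true;
}

using Handler = bool (*)(const Context&, const Transfer&);

// Constructed scenario from the write-up: aaaaaa sends EOS to cccccc; cccccc,
// while handling its own notification, calls require_recipient(eosbetdice11),
// so eosbetdice11 receives the same action data with code == eosio.token.
bool simulateForwardedNotification(Handler handler) {
    Transfer t{"aaaaaa", "cccccc", "1.0000 EOS", "bet"};
    Context seenByDice{"eosbetdice11", "eosio.token"};
    return handler(seenByDice, t);
}

// Genuine deposit: the transfer's `to` is the dice contract itself.
bool simulateRealDeposit(Handler handler) {
    Transfer t{"aaaaaa", "eosbetdice11", "1.0000 EOS", "bet"};
    Context seenByDice{"eosbetdice11", "eosio.token"};
    return handler(seenByDice, t);
}
```

The fixed handler still accepts the genuine deposit, so the check costs nothing for legitimate players.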

SlowMist Media Channel

Telegram

https://t.me/slowmistteam

Twitter

https://twitter.com/@slowmist_team

Medium

https://medium.com/@slowmist
